This is the first lesson you have to learn as a Linux enthusiast, NEVER run commands you don’t know from the internet
And never run commands copied from a web page, even if you do know them.
JavaScript’s copy/paste API means a website owner or an attacker can change the contents of your clipboard after you press copy, and you’ll end up pasting malicious commands into your shell. I think Firefox blocks this now, don’t know about Chrome.
Oh shit fr? That’s wild
“Nah, just curl this random web address and pipe it over to a sudo bash shell, everything will be fine!”
I hate how this is becoming the official install method for more and more shit. It’s like dude, really? You may as well stick your dick in a garbage disposal, both of those actions are equally safe.
You’re dreaming if you think I’m not going to wget it and read it to see what it does first.
At least it’s transparent and often doesn’t require root, unlike say a debian package.
As a lawyer I feel the same about people not reading contracts and signing stuff or just clicking the accept button. But hey, that’s just how it is unfortunately.
Even worse is when the bash script you downloaded is only there to do some uname checks and then download and execute more code from the internet
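Reading a downloaded installer first only helps if the places where it pulls in a second stage get noticed too, as the comment above describes. The following is an added example, not part of the thread: a shell function that lists the lines of a saved script that fetch and execute further code. The regexes cover only the plain idioms, and the sample script and its example.invalid URLs are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag lines in a saved installer that fetch and run more code.

# Extended regexes for common fetch-and-execute idioms (not exhaustive).
PIPE_TO_SHELL='(curl|wget)[^|;#]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)'
SUBST_EXEC='(eval|(ba|z|da)?sh[[:space:]]+-c)[^#]*\$\((curl|wget)'
PROC_SUBST='(source|(ba|z|da)?sh)[[:space:]]+<\((curl|wget)'

# audit_installer FILE
# Prints "lineno:text" for each suspicious line; returns 1 if any were found.
audit_installer() {
    local file hits
    file=$1
    hits=$(grep -nE -e "$PIPE_TO_SHELL" -e "$SUBST_EXEC" -e "$PROC_SUBST" "$file" \
        | grep -vE '^[0-9]+:[[:space:]]*#' || true)   # drop comment-only lines
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample modelled on the "uname check, then fetch more" pattern.
sample_installer() {
cat <<'EOF'
#!/bin/sh
# usage hint: curl https://example.invalid/install.sh | sh
arch=$(uname -m)
curl -fsSL "https://example.invalid/stage2-$arch.sh" | sh
curl -fsSL https://example.invalid/tool.tar.gz | sha256sum
eval "$(wget -qO- https://example.invalid/env)"
EOF
}

# With no argument, audit the constructed sample; otherwise audit the given file.
if [ "$#" -gt 0 ]; then
    target=$1
else
    target=$(mktemp)
    sample_installer > "$target"
fi
audit_installer "$target" || echo "second-stage downloads found: read those too" >&2
```

On the sample it reports lines 4 and 6; the comment on line 2 and the pipe into sha256sum on line 5 are not flagged.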
To be fair: This is what everyone expects when you install software for Windows. Just download a more or less “good looking” binary blob, execute it with administrative privileges and hope that it will do what you want it to do.