7 comments

[ 8.9 ms ] story [ 40.3 ms ] thread
Can we please not tell people to pipe things directly from curl to bash?
people might have thought it to be malicious so i simple posted the link
Exactly. There's no way in hell anyone should ever do that, even (thanks to DNS hijacking etc.) if they thought the file was something they wrote themselves.
Don't we have a bit too much of a history with clicking/doing things on the internet with "love" in their names? Happy Friday by DigitalOcean, where trusting random people on the internets is company policy.
no love for my mac :-(

[Fri Feb 14 14:35:37] -bash:~$ curl -s valentines.digitalocean.com | bash

bash: line 1: syntax error near unexpected token `newline'

bash: line 1: `<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">'

Why could't this just be a text file with curses escapes available via netcat? At least then it's limited only to known terminal exploits, rather than running whatever the hell it wants as you.