You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is never safe to pipe curl to bash. The practice of verifying a different fetch of a URL than the one which is actually executed, as this site is currently advocating that users do, is an easily-exploitable time-of-check to time-of-use vulnerability.
It is never safe to pipe curl to bash. The practice of verifying a different fetch of a URL than the one which is actually executed, as this site is currently advocating that users do, is an easily-exploitable time-of-check to time-of-use vulnerability.
A malicious webserver can determine if the script download is actually being piped directly to bash, so, it can serve innocuous code when it isn't and malicious code when it is.
should-i-pipe.itshould always say no. If you want to verify things somehow before running them, you should verify the copy you're going to run.The text was updated successfully, but these errors were encountered: