I get that, but what if you recently ran sudo make-me-a-sandwich in that shell s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Jgrubb on Dec 13, 2012 \| parent \| context \| favorite \| on: Show HN: roots - a toolkit for advanced front-end ... I get that, but what if you recently ran sudo make-me-a-sandwich in that shell session? If someone maliciously slipped a sudo command in that script they'd have everything they needed, and you might not even realize it. Obviously, I'm not suggesting the authors of these tools, but these remote shell installers seem like they'd be obvious targets for Bad Hackers. It seems like the whole point of these remote shell installers is to make it easier for some people, but some might not be aware of this risk.

gravitronic on Dec 13, 2012 [–]

you know you could just read the shell script, which is one way that this install method is more transparent than an installer binary.

SkyMarshal on Dec 13, 2012 | [–]

Yes, and they should drop the pipe to bash/sh at the end of the curl command. Download it, read it, then manually run it, don't just pipe it all together.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact