Discuss This Topic
There are 0 comments in this discussion.
url: http://www.djm.org.uk/protect-yourself-from-non-obvious-dangers-curl-url-pipe-sh/
Talks about possible attack for piping a script from curl to bash (what your browser user agent sees when viewing the file is not necessary what curl's user agent sees) and ways to make sure you are getting what you expect.
Essentially it gives techniques for reviewing and approving the script after curl downloads it, but before it is executed.