
Detecting the use of “curl – bash” server side - ivank
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/?
======
smt88
Need to also detect wget | bash, which should cover most cases that I see on
the web.

~~~
nailer
Also people not reading the source code of software they install, which has
similar security implications to curl | bash.

~~~
smt88
Node would be literally unusable if people read all the code they're
installing and running. I personally wouldn't be able to use Deluge, Chrome,
or VS Code every day if I did that.

At some point there's an element of just trusting software because lots of
other, smarter people trust it. It's a terribly flawed system, of course.

~~~
nailer
Yes, precisely. Install software from verified sources (either signed packages
or fetched from encrypted, identity-verified websites). Whether you use curl
or not is irrelevant.

