But it's not really dangerous, no more so than downloading an arbitrary binary and executing it at least. The script is delivered over https, so you're not going to be MITM'ed, and you're trusting rustup to provide you the valid install script. If you _are_ MITM'ed, it doesn't really matter what your delivery method is unless you do a verification from another device/network, and if you don't trust rustup then why are you downloading and executing their installer?
If they `shellcheck` their bash script, then sure. Aside from unquoted $vars, usually random shell scripts have a habit of polluting home and creating arbitrary dirs under god-knows-where and not respecting XDG.
They are almost always irreversible too. Like you can't undo the steps the shell scripts have done.
Any software you choose to run could not respect your desires and leave a mess. This is not a random shell script. It's the officially recommended way to install Rust [0], vetted and maintained by the community. You're free to audit the script before running it, or even check out the source [1]. If this doesn't satisfy you, check out the other installation methods [2].
Edit: I realize you're not speaking specifically about rustup, but what I said can and should apply to anything you choose to install this way.
Problems like removing a large directory instead of a file, creating your files on random places instead of the directory you pass on, or creating more files than you intended?
The one mess you see from other languages is creating files on the wrong place (or all over the place). But not those above.
Any tool can be dangerous in inexperienced or careless hands. The issues you described could just as likely be caused by logic errors or typos in any other language.
You’re talking as if all bash scripts are hacked together carelessly and work by accident. You can actually learn bash. Thankfully the script we’re discussing is written with care and vetted by the community.
Problems like removing a large directory instead of a file
The rm command doesn’t even remove directories by default, you have to specify a flag. Not knowing a tool is not a good reason to bash it.
Isn't Rust one of those languages based on the idea that tools matter and that should either be correct or obviously wrong?
(And no, those problems do usually not appear due to logic errors or typos in other languages. It's very, very rare.)
I'm well aware that the Rust installation script is well vetted and stable enough to be reliable. Bootstraping a development environment is also a real problem, with no good answers. It's understandable that they want to bootstrap from Bash. But as understandable as it is, it still carries the Bash issues with it.
Of course, the optimum solution would be to do it from your system's tools. That is something that will probably happen naturally given enough time.
> Isn't Rust one of those languages based on the idea that tools matter and that should either be correct or obviously wrong?
It doesn't really matter, if you combine `/home/myuser` and some unsantized input variable, and then call `remove_dir_all` [0], it doesn't matter how safe the language is, you're going to delete your entire home directory with absolutely no warning, whether it's in bash, go, python, rust or haskell. Yes bash makes this very easy to do, but so does pretty much every language in existence.
> (And no, those problems do usually not appear due to logic errors or typos in other languages. It's very, very rare.)
They absolutely do. Here's an explosive script in golang (deliberately doesn't compile just in case) - running this in func main() will ruin your day most likely.
dirToRemove := "~/" + os.Getenv("BAD_ENV_VAR")
os.RemoveAll(dirToRemove
I can write one of these in bash, python, go, you name it.
> Problems like removing a large directory instead of a file
rm doens't do that unless you explicitly tell it to.
> Problems like removing a large directory instead of a file, creating your files on random places instead of the directory you pass on, or creating more files than you intended?
But yes, all of these can and do exist in other languages. Using python as an example, if you read an environment variable without checking it's set (as in the infamous steam bug) [0], you'll end up with pretty much the exact same behaviour. You can misindent your loop in python and not create/remove files that you intend to, or your script can have a syntax error halfway through and the interpreter will happily proceed until it halts, and leave you in a half baked state just like bash does.
