This is the first lesson you have to learn as a Linux enthusiast, NEVER run commands you don’t know from the internet
“Nah, just curl this random web address and pipe it over to a sudo bash shell, everything will be fine!”
I hate how this is becoming the official install method for more and more shit. It’s like dude, really? You may as well stick your dick in a garbage disposal, both of those actions are equally safe.
You’re dreaming if you think I’m not going to wget it and read it to see what it does first.
As a lawyer I feel the same about people not reading contracts and signing stuff or just clicking the accept button. But hey, that’s just how it is unfortunately.
To be fair: This is what everyone expects when you install software for Windows. Just download a more or less “good looking” binary blob, execute it with administrative privileges and hope that it will do what you want it to do.
And never run commands copied from a web page, even if you do know them.
JavaScript’s copy/paste API means a website owner or an attacker can change the contents of your clipboard after you press copy, and you’ll end up pasting malicious commands into your shell. I think Firefox blocks this now, don’t know about Chrome.
Honestly you shouldn’t run commands on any OS if you don’t know what they are doing. An elevated powershell command or something on a Mac with SIP disabled (which some “tutorials” will call for) can also do horrible things to a machine
Also any automatic modification of config files (with echo and tee) can screw up your configuration without you knowing what it changed. It’s better to just edit config files while reading the comments inside or the man page.
This is the first lesson you have to learn as a Linux enthusiast, NEVER run commands you don’t know from the internet
“Nah, just
curl
this random web address and pipe it over to a sudo bash shell, everything will be fine!”I hate how this is becoming the official install method for more and more shit. It’s like dude, really? You may as well stick your dick in a garbage disposal, both of those actions are equally safe.
You’re dreaming if you think I’m not going to
wget
it and read it to see what it does first.As a lawyer I feel the same about people not reading contracts and signing stuff or just clicking the accept button. But hey, that’s just how it is unfortunately.
To be fair: This is what everyone expects when you install software for Windows. Just download a more or less “good looking” binary blob, execute it with administrative privileges and hope that it will do what you want it to do.
Even worse is when the bash script you downloaded is only there to do some uname checks and then download and execute more code from the internet
At least it’s transparent and often doesn’t require root, unlike say a debian package.
And never run commands copied from a web page, even if you do know them.
JavaScript’s copy/paste API means a website owner or an attacker can change the contents of your clipboard after you press copy, and you’ll end up pasting malicious commands into your shell. I think Firefox blocks this now, don’t know about Chrome.
Oh shit fr? That’s wild
Honestly you shouldn’t run commands on any OS if you don’t know what they are doing. An elevated powershell command or something on a Mac with SIP disabled (which some “tutorials” will call for) can also do horrible things to a machine
Also any automatic modification of config files (with
echo
andtee
) can screw up your configuration without you knowing what it changed. It’s better to just edit config files while reading the comments inside or theman
page.