Look before you paste from a website to terminal

lxskllr · Jan 26, 2017

http://lifepluslinux.blogspot.mk/2017/01/look-before-you-paste-from-website-to.html

Found via reddit. Clever way of spreading mischief and malware.

whm1974 · Jan 26, 2017

Yeah you should read any commands very fully before you copy and paste. In fact the best advice is to type it in yourself to force you to double check it.

Red Squirrel · Jan 27, 2017

Yep I remember reading on that.

One evil thing one could do is a "rm -rf / &" that spawns as a separate background process. Even as a non privileged user that is going to do serious damage and it will delete mostly everything on every mounted volume you have, your entire user profile, etc. Chances are you will have read/write access to most of the stuff you use day to day, since, what would be the point of mounting those in the first place if you are not giving yourself access to it. Ex: you don't want to keep having to run programs as another user just to save to your storage share, so you'll have it set so you have rw access.

dave_the_nerd · Jan 28, 2017

I don't often tumblr, but when I do...

https://curlpipesh.tumblr.com

dave_the_nerd · Jan 28, 2017

whm1974 said:
Yeah you should read any commands very fully before you copy and paste. In fact the best advice is to type it in yourself to force you to double check it.

I go further. I don't enter a command unless I know what it's going to do.

whm1974 · Jan 28, 2017

dave_the_nerd said:
I go further. I don't enter a command unless I know what it's going to do.

That is even better advice. Always check the man pages first.

Murloc · Jan 29, 2017

interesting.

I admit to copying and pasting stuff but it was from a company forum and I was working in a virtual machine so I didn't care much, I was also careless about sudo for that reason.

Those websites suggesting to install with curl www.blabla.com | sh clearly aim at ease of use but it's small software project websites, susceptible to getting hacked. They often do provide a link to the github page if you're security conscious though, that not being the default otpion doesn't promote correct behaviour of course.
I guess they're taking the risk, for the advantage of being easy to install.

When I first saw it I searched it because I want to learn more about bash and linux, so I found out about the obvious dangers of using it (I've had software install updates from a hacked website in the past so I'm suspicious about this stuff).

John Connor · Jan 31, 2017

Since Linux is not my forte, I shall do this in Notepad ++ from now on.

So, the lesson here is, make sure that you paste code snippets from untrusted sources onto a text editor before executing it.

Search

Look before you paste from a website to terminal

lxskllr

No Lifer

whm1974

Diamond Member

Red Squirrel

No Lifer

dave_the_nerd

Lifer

dave_the_nerd

Lifer

whm1974

Diamond Member

Murloc

Diamond Member

John Connor

Lifer

TRENDING THREADS