Sad to see #rust developers defending the practice of piping CURL into SUDO BASH. Convenience shouldn't trump safety or security.
@postmodern_mod3 What is your suggestion for a solution that will not be automated to execute arbitrary code.
-
-
@wycats a) split curl | sudo command in two b) link to the script, let user view/download/etc c) just recommend they install the binaries. -
@postmodern_mod3 Downloading a nightly binary and clicking next/next/next is also executing untrusted code with sudo. What is the diff? -
@wycats it requires more user interaction. You should be signing your binaries anyways! -
@postmodern_mod3 if the server is hacked, which is the vuln vector, the attacker can just upload a new binary with their own sig or no sig -
@wycats then the sig won't match the signing key, which should be in a separate VM.
End of conversation
New conversation -
-
-
@wycats by downloading to a file, it allows the user to review the script before/after running. -
@postmodern_mod3 Currently I see no obstacles at all for someone who wants to see the code. It’s not like the link is hidden. /cc@wycats -
@chebatron@wycats they still have to copy/paste the link. See my PR which adds an actual link: https://github.com/postmodern/rust-www/commit/4c7729c3dbd3286dd056d4f8e9d20803caf54887 … -
@postmodern_mod3 Most systems don’t even require it to put stuff in /usr/local or /opt. /cc@wycats -
@chebatron I am very curious about$HOME based FHS. It's come up with chruby, but I'm not sure if a defacto standard exists. -
@postmodern_mod3 FHS must admit that these days many systems have only one user (which is “sysadmin” too). -
@chebatron all OSes still require elevated privileges to install software, in order to prevent unwanted software installing itself. -
@postmodern_mod3 Only partially true. Say, homebrew doesn’t require sudo. - 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.