Sad to see #rust developers defending the practice of piping CURL into SUDO BASH. Convenience shouldn't trump safety or security.
@postmodern_mod3 Downloading a nightly binary and clicking next/next/next is also executing untrusted code with sudo. What is the diff?
@wycats it requires more user interaction. You should be signing your binaries anyways!
@postmodern_mod3 if the server is hacked, which is the vuln vector, the attacker can just upload a new binary with their own sig or no sig
@wycats then the sig won't match the signing key, which should be in a separate VM.
@wycats the goal should be to isolate the use of root as much as possible. root should only be required to install the files.
@wycats `curl | sudo bash` puts the entire installation process under root. Can we agree this is not ideal?
@postmodern_mod3 In order to seriously have this conversation, we need to first identify the threat model.
@wycats let's instead focus on the problems of CURL | SUDO BASH.