Chris Hepner

1 pages tagged with "security"

Owning "curl | sh" for Fun and Profit

June 14, 2015 - 543 words - 3 mins
If you're a web developer, you've probably seen sites asking you to install their software package like so: curl -s http://example.com/install.sh | sh There are a number of subtle problems with piping a HTTP response into the shell (for example, if your connection is interrupted part-way through t… read more