Hacker News new | past | comments | ask | show | jobs | submit login

Yes that's why you shouldn't run curl | sh commands without double or tripple checking. Even without this exploit. Check the scripts that are being downloaded and check if this script you download is really the same as for example in the git repo.



Pasting anything what so ever in the shell is a vuln if you are on a system where untrusted programs can set the clipboard. Even typing "echo <ctrl+shift+v>". And no, it's not detectable either.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: