The malicious "rustdecimal" crate

Posted Jun 12, 2022 6:54 UTC (Sun) by marcH (subscriber, #57642)
In reply to: The malicious "rustdecimal" crate by nybble41
Parent article: The malicious "rustdecimal" crate

In general, "cmdA | cmdB" is not safe without "set -o pipefail".

Safety discussions are a bit ridiculous the moment you use a language that ignores errors by default. We love high level discussions about memory safety and borrow checkers but in the real world the problems often start much more mundane: many C programs discard errors and even when they don't the error handling code has never been tested.

The malicious "rustdecimal" crate

Posted Jun 12, 2022 21:38 UTC (Sun) by nybble41 (subscriber, #55106) [Link]

> In general, "cmdA | cmdB" is not safe without "set -o pipefail".

In the case of `curl | bash` the command isn't safe even *with* `set -o pipefail`. The problem isn't the exit status of the pipeline (which would typically be ignored in any case) but rather the fact that it runs the script *as it's being downloaded*, without ensuring that the entire script is available before the first command is executed, and even worse that the shell will attempt to execute the last line downloaded even it was truncated.