|
|
Subscribe / Log in / New account

Undefined Behaviour as usual

Undefined Behaviour as usual

Posted Feb 23, 2024 16:58 UTC (Fri) by JoeBuck (subscriber, #2330)
In reply to: Undefined Behaviour as usual by tialaramex
Parent article: Stenberg: DISPUTED, not REJECTED

Everything you say here is correct in that the bugs should be fixed. However, we live in a world where people are encouraged by many software distributors to do

curl https:// some.domain / who_knows_what_this_is.sh | sh

and sometimes they are told to become root first. Compared to the possible negative consequences of that, other security issues with Curl are in the noise.

to post comments

Undefined Behaviour as usual

Posted Feb 23, 2024 17:19 UTC (Fri) by wtarreau (subscriber, #51152) [Link]

Yeah and it doesn't take long to even find examples of "curl -k ... | sh", that users sometimes fail to use because they place sudo on curl not bash, until being suggested to do so... I totally agree that this *this* is a real problem and it's a cultural problem, not easy to fix via just filing a CVE.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds