Why is using curl | sudo sh not advised?

本小妞迷上赌 submitted on 2019-12-19 05:29:50

Question


While I was reading the introduction to the Rust programming language, I came across the installation method, which asks you to use the following command:

curl -sf -L https://static.rust-lang.org/rustup.sh | sudo sh

with a note of caution that this is not the most trusted way of installing an application. Can anybody provide me with the details of how this command can be dangerous, and are there any methods to protect yourself from its effects?


Answer 1:


Because you are giving root access to whatever script you are executing. It can do a wide variety of nasty things.

If the Rust site is ever compromised and that script gets a tiny piece that installs malware silently, you wouldn't know without inspecting the script first.




Answer 2:


As Daniel said, plus a few more reasons:

  • if the script were provided to you over HTTP instead of HTTPS, a man-in-the-middle attack could be performed by some evil third party. Using HTTPS, you at least have confidence that the script will be downloaded as-is from the site
  • if the connection closes mid-stream, partial commands that were not intended (and are potentially dangerous) may be executed (see 1st link)
  • you may also think that opening the script in the browser to check that it's not evil will mitigate the risk. Unfortunately, it will not, because the site owner may show different content for browser User-Agents (see 2nd link)

How to properly mitigate risk then:

Ideally:

Use this approach when making changes on a production server:

curl -sf -L https://static.rust-lang.org/rustup.sh -o rustup.sh
less rustup.sh
chmod +x rustup.sh
sudo ./rustup.sh

Significantly better, but not perfect (but a one-liner):

You can use this approach on a dev machine / test server:

su -c "curl https://static.rust-lang.org/rustup.sh -o rustup.sh && chmod +x rustup.sh && ./rustup.sh"

References:

  • https://www.seancassidy.me/dont-pipe-to-your-shell.html
  • https://jordaneldredge.com/blog/one-way-curl-pipe-sh-install-scripts-can-be-dangerous/
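The two points in Answer 2 that are easiest to misjudge are the mid-stream truncation hazard and the "download, inspect, then run" pattern. The script below is an added example and is not code from the question, the answers, or the Rust project. It uses a constructed installer script (not rustup.sh) whose last line deletes one specific sub-directory, shows what `sh` executes when the stream is cut part-way through that line, and wraps the download-and-verify steps in a reusable function. The function names, the sample path, the 45-byte cut point and the use of a pinned SHA-256 digest are all assumptions made for the demo; `rm` is shadowed by a recording function so nothing is deleted when you run it.

```shell
#!/bin/sh
# Added example, not code from the original question or answers.
#   1. A stream that is cut mid-command executes a command the author never
#      wrote: sh runs whatever it has received when the pipe closes.
#   2. The "download, inspect, verify, then run" pattern from Answer 2 as a
#      reusable function.
# The installer below is constructed for the demo; it is not rustup.sh.
# The target path is deliberately unquoted so the cut leaves a single word.

CONSTRUCTED_INSTALLER='echo installing
rm -rf /tmp/example-app/cache/tmp
'

# Return the first N bytes of $1, as a connection dropping mid-stream would.
# Usage: truncate_stream TEXT N
truncate_stream() {
    printf "%.${2}s" "$1"
}

# Feed script text to sh exactly as "curl ... | sh" would, but first shadow rm
# with a function that only reports its arguments, so nothing is deleted.
# Prints the rm command line that the script actually asked for.
run_recording_rm() {
    {
        printf 'rm() { printf "rm %%s\\n" "$*"; }\n'
        printf '%s' "$1"
    } | sh 2>/dev/null | grep '^rm '
}

# Compare a file's SHA-256 with an expected hex digest; exit status 0 on match.
verify_sha256() {
    file=$1; expected=$2
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
    fi
    [ "$actual" = "$expected" ]
}

# Download to a file, refuse to run unless the digest matches, then execute.
# Usage: fetch_verify_run URL EXPECTED_SHA256 [installer args...]
# The expected digest must come from a second channel (release notes, a
# signature you checked, a value pinned in your own config repo), not from the
# same page that served the script. Prefix the sh call with sudo if the
# installer genuinely needs root; until then it runs as you.
fetch_verify_run() {
    url=$1; expected=$2; shift 2
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors instead of saving an error page as the script
    # -L: follow redirects, as the original command does
    curl -sfL "$url" -o "$tmp" || { rm -f "$tmp"; return 1; }
    verify_sha256 "$tmp" "$expected" || { rm -f "$tmp"; return 2; }
    sh "$tmp" "$@"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo: the complete stream versus the same stream cut after 45 bytes, which
# ends in the middle of the rm line, right after ".../cache".
echo "complete stream : $(run_recording_rm "$CONSTRUCTED_INSTALLER")"
echo "cut at 45 bytes : $(run_recording_rm "$(truncate_stream "$CONSTRUCTED_INSTALLER" 45)")"
```

The complete stream asks for `rm -rf /tmp/example-app/cache/tmp`; the cut stream asks for `rm -rf /tmp/example-app/cache`, one directory level higher, because `sh` executes the last partial line as soon as its input ends. Saving to a file first (as in the answer's `-o rustup.sh` step) makes a short download fail visibly instead of running; adding a digest check on top of reading the file catches a script that was swapped after you inspected it.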


Source: https://stackoverflow.com/questions/29382739/why-using-curl-sudo-sh-is-not-advised
