can't you just do curl|more and then view what it's going to do? Then, once you're convinced, go back to curl|sh.
/just guessing, haven't tried it
can't you just do curl|more and then view what it's going to do? Then, once you're convinced, go back to curl|sh.
/just guessing, haven't tried it
A malicious server could detect whether the user is actually running "curl | sh" instead of just "curl" and only serve a malicious shell script when the code is executed blindly. See this thread for reference: https://news.ycombinator.com/item?id=17636032
well you still have to execute the shell script at some point. You could do curl > install.sh, open it up to inspect, and then run the install script which would still trigger the callback to the server mentioned in the link you posted. I guess it's really up to the user to decide what programs to run and not run.