this post was submitted on 18 Oct 2025
447 points (97.9% liked)
Linux
9948 readers
310 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Search for "sudo curl ...... | sh" and let me know how many hits you get.
Thats not random sketchy websites though.
I would say Linux users who install software from the web knows what sites to trust. The beginners use the app store.
No real Linux user fallacy.
Every time I see this a part of be dies inside. It is always a cursed install script that makes problematic changes to the system.
It's even worse. The server can detect if you are piping it straight into a shell or just downloading the file. It can then send different scripts based on that.
How can it see that? If possible, isn't that a flaw of curl? I don't see a good reason for the sever to know what you're doing with the file
Curl has a limited buffer and bash reads a line and then executes it, before reading the next line.
So first you need a command that takes time if executed. So a delay, downloading a big file, user input work. Next you fill up the buffer. Just your normal script. Maybe some comments etc.
Now the server can detect if after the first kB the stream stops.