From: Willy Tarreau <w@1wt.eu>
To: David Laight <David.Laight@ACULAB.COM>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Mark Brown <broonie@kernel.org>,
"linux-toolchains@vger.kernel.org"
<linux-toolchains@vger.kernel.org>,
Linux Kbuild mailing list <linux-kbuild@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: gcc 5 & 6 & others already out of date?
Date: Fri, 14 Oct 2022 07:27:56 +0200 [thread overview]
Message-ID: <20221014052756.GA21730@1wt.eu> (raw)
In-Reply-To: <406260e46943493781891c480e4f8b17@AcuMS.aculab.com>
On Fri, Oct 14, 2022 at 04:28:10AM +0000, David Laight wrote:
> From: Willy Tarreau
> > Sent: 13 October 2022 17:18
> ...
> > That's also the model where people routinely do:
> >
> > $ curl github.com/blah | sudo sh
>
> Anyone doing that wants their head examined....
Most of the time they have no clue what they're doing, they just
copy-paste installation instructions. You find hundreds of projects
documenting this as the installation procedure, often in the nodejs
world it seems, and the fist complaint in general is not that it's a
bad practise but that it doesn't work on Mac! Random examples from
google's first page:
https://gist.github.com/btm/6700524
https://github.com/rclone/rclone/issues/3922
https://gist.github.com/andrepg/71a15e915846acd41370e275eadb0478
https://github.com/shellspec/shellspec/blob/master/install.sh
This one looks like a trap, it searches from local vulnerabilities
and suggests to be installed like this:
https://github.com/carlospolop/PEASS-ng/blob/master/linPEAS/README.md
> I'm not sure I'd trust any source of files enough for that.
That's for a targetted audience.
> Maybe some things get run as root, and maybe they might
> do nasty things, but running random downloaded scripts
> is as bad as clicking on links in outlook.
Yes, or even despite a full end-to-end trust you still have the risk of
a truncated script, which you'd rather not face during rm -rf /tmp/blah.
Anyway we're getting out of topic here.
Willy
next prev parent reply other threads:[~2022-10-14 5:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-13 1:36 gcc 5 & 6 & others already out of date? Jason A. Donenfeld
2022-10-13 12:22 ` David Laight
2022-10-13 12:59 ` Mark Brown
2022-10-13 15:23 ` Jason A. Donenfeld
2022-10-13 16:18 ` Willy Tarreau
2022-10-14 4:28 ` David Laight
2022-10-14 5:27 ` Willy Tarreau [this message]
2022-10-13 16:26 ` Mark Brown
2022-10-13 16:37 ` Jason A. Donenfeld
2022-10-13 16:51 ` Willy Tarreau
2022-10-13 17:16 ` Mark Brown
2022-10-13 18:38 ` Florian Weimer
2022-10-13 20:23 ` Mark Brown
2022-10-14 6:15 ` Florian Weimer
2022-10-13 18:39 ` Florian Weimer
2022-10-13 21:03 ` Nick Desaulniers
2022-10-14 6:37 ` Florian Weimer
2022-10-13 21:08 ` Nick Desaulniers
2022-10-14 1:31 ` Jason A. Donenfeld
2022-10-14 11:13 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221014052756.GA21730@1wt.eu \
--to=w@1wt.eu \
--cc=David.Laight@ACULAB.COM \
--cc=Jason@zx2c4.com \
--cc=broonie@kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-toolchains@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).