I only discovered this recently, and it’s very handy.
Piping scripts directly to bash is a security risk. You can always download the scripts, inspect them and run locally if you so choose.
I only discovered this recently, and it’s very handy.
Piping scripts directly to bash is a security risk. You can always download the scripts, inspect them and run locally if you so choose.
Heellll no, the scripts are publically available to read over if you’re sketched out. They save you so much time to actually get to using the service. 98% of my homelab is from these same helper scripts too.
RIP tteck
I don’t like that an adversary could modify that link or its contents without much detection or any logging.
When you compare it to package managers that have immutable versioning that’s a big downfall. If someone were modifying pypi or npm packages I would be surprised if it went undetected.
Realistically is that an issue, probably not. But I do try and reduce my exposure when I can.
Have you ever looked at what was once ttek scripts? They’re a spaghetti of calls to other scripts. It’s not pretty. And not intuitive to audit.
They work so what is your objection ?
If you are worried pipe it into chatgpt with the prompt
“tell me why this script is safe to use”
I thought I was being clear that I have audited some of the scripts. They are built referencing other scripts instead of functions, and these rely on URLs. It’s difficult to follow.
Don’t ask chatgpt to audit code.