While I was reading the introduction to the Rust programming language, I came across the installation method, which asks you to use the following command:
curl -sf -L https://static.rust-lang.org/rustup.sh | sudo sh
with a note of caution that this is not the most trusted way of installing an application. Can anybody provide me with details about how this command can be dangerous, and are there any methods to protect yourself from its effects?
Ignoring the method being used (the API is more robust, and current method could break if they change the login), CURL is as secure as any standard request from a browser.
The curl command transfers data to or from a network server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). It is designed to work without user interaction, so it is ideal for use in a shell script.
We might have come across errors like “curl: command not found” while working in the terminal. This type of error has only one cause: the relevant package is not installed. Curl is a very popular command-line data transfer utility used for downloading data from or uploading data to a server.
The command sudo apt-get install curl means you are going to download and install curl onto your system. Every time you use sudo, you will be asked for your password to ensure that you have permission to make changes to your system.
Because you are giving root access to whatever script you are executing. It can do a wide variety of nasty things.
If the Rust site is ever compromised and that script gets a tiny piece that installs malware silently, you wouldn't know without inspecting the script first.
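One way to act on the advice above, as an added example that is not part of the original answers or the Rust project's own tooling: download the installer to a file, read it, and run it only if it still matches the digest of the copy that was reviewed. The function names and the EXPECTED_SHA256 value are assumptions made for illustration; the digest is one you record yourself after reviewing the script or obtain from the publisher out of band.

```shell
# Added example: fetch, inspect, verify, then run, instead of `curl ... | sudo sh`.
# All function names here are hypothetical helpers, not part of curl or rustup.

sha256_of() {
    # Print the SHA-256 hex digest of file $1 using whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

fetch_installer() {
    # $1 = URL, $2 = destination file.
    # --proto '=https' refuses any non-HTTPS protocol, including on redirects;
    # -f makes HTTP errors fail instead of saving an error page as the script.
    curl --proto '=https' --tlsv1.2 -sSfL -o "$2" "$1"
}

run_if_verified() {
    # $1 = script path, $2 = expected SHA-256 hex digest, rest = script arguments.
    script=$1; expected=$2; shift 2
    actual=$(sha256_of "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: digest $actual, expected $expected" >&2
        return 1
    fi
    # Runs as the invoking user. No sudo: the script gets root only if the
    # operator decides it needs it after reading the file.
    sh "$script" "$@"
}

# Typical use (EXPECTED_SHA256 is a placeholder for the reviewed digest):
#   fetch_installer https://static.rust-lang.org/rustup.sh ./rustup.sh
#   less ./rustup.sh
#   run_if_verified ./rustup.sh "$EXPECTED_SHA256"
```

Because the file on disk is the one that was read and hashed, a later change on the server cannot alter what gets executed.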