Comment by windows_tips
7 years ago
>in a way that they don't stand a chance of detecting by inspection (or of having proof of after the fact)
What do you mean? They could `tee` curl output to a file (or elsewhere, for archives). They could also suspend passing the output to bash until they've verified the output (perhaps they would run a hash function and compare the result).
Then that wouldn't be 'curl | bash'.
curl | ... bash
The point of the article is apparently that the server can distinguish "curl | ... | bash" from "curl | bash".