Comment by ericpauley
7 years ago
This logic would be detectable to a user who reads the script. The goal here is to trick users who first inspect the script and then `curl | bash`
7 years ago
This logic would be detectable to a user who reads the script. The goal here is to trick users who first inspect the script and then `curl | bash`
If you downloaded the script to inspect it, why would you not just run the script that you downloaded?
That's the point. It's also possible that the remote script has been altered in the meantime. Therefore it's never advisable to download the script again after inspection.
There's more than one user. You don't want any of them to find the malicious code.
Web browser.