Comment by rezonant
2 years ago
Also, if entropy decides you are unworthy and the download dies after reading "rm -Rf /" instead of the full line "rm -Rf /tmp/setup" then you're going to have a bad time on any Linux that doesn't have preserve-root by default. Of course such deleterious incomplete command execution could take many forms.
This is trivially prevented by wrapping the body in a function that is executed only on the last line of the script. I don't think I've seen a "curl | sh" script in the wild that wasn't written that way.
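The wrapping pattern described in the comment above, as an added example that is not part of the original thread: it feeds every truncated prefix of a flat installer and of a function-wrapped one to `sh` and counts how many prefixes run a partial command. The `remove_tree` stub (a harmless logger standing in for `rm -Rf`) and both sample installers are constructed for this illustration.

```shell
#!/bin/sh
# Added example. remove_tree is a hypothetical, harmless logging stub standing
# in for "rm -Rf"; nothing is ever deleted by the installers under test.
work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
mkdir "$work/bin"
cat > "$work/bin/remove_tree" <<'EOF'
#!/bin/sh
echo "$1" >> "$LOG"
EOF
chmod +x "$work/bin/remove_tree"

# Constructed sample installers: the same body, flat and function-wrapped.
printf 'remove_tree /tmp/setup\n' > "$work/flat.sh"
printf 'main() {\n  remove_tree /tmp/setup\n}\nmain\n' > "$work/wrapped.sh"

# Feed every proper prefix of FILE to sh on stdin, as a dying download would,
# and print how many prefixes ran remove_tree with an unintended argument.
count_bad_truncations() {
  size=$(($(wc -c < "$1")))
  bad=0
  n=1
  while [ "$n" -lt "$size" ]; do
    : > "$work/log"
    # PATH holds only the stub, so a cut-off command name cannot match a real tool.
    head -c "$n" "$1" | LOG="$work/log" PATH="$work/bin" /bin/sh >/dev/null 2>&1 || true
    if grep -qvx '/tmp/setup' "$work/log"; then
      bad=$((bad + 1))
    fi
    n=$((n + 1))
  done
  echo "$bad"
}

echo "flat:    $(count_bad_truncations "$work/flat.sh") harmful truncation points"
echo "wrapped: $(count_bad_truncations "$work/wrapped.sh") harmful truncation points"
```

In the wrapped form a cut anywhere inside the function body leaves an unterminated definition, which the shell rejects as a syntax error before executing anything, and a cut inside the final `main` line yields only an unknown command name.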