← Back to context Comment by Animats 18 hours ago Or worse sudo curl URL | bash 2 comments Animats Reply chii 12 hours ago made even worse by the fact that it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side.This means the attack can be "invisible", as a cursory glance at the output of the curl can be misleading.You _have_ to curl with piping the output into a file (like | cat), and examine that file to detect any anomaly. boomlinde 9 hours ago > it's possible to detect a pipe vs just standard out display of the contents of curl, from the server sideThat sounded really interesting, so I looked it up and found this article from 2016 if anyone else is interested: https://web.archive.org/web/20250622061208/https://www.idont...
chii 12 hours ago made even worse by the fact that it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side.This means the attack can be "invisible", as a cursory glance at the output of the curl can be misleading.You _have_ to curl with piping the output into a file (like | cat), and examine that file to detect any anomaly. boomlinde 9 hours ago > it's possible to detect a pipe vs just standard out display of the contents of curl, from the server sideThat sounded really interesting, so I looked it up and found this article from 2016 if anyone else is interested: https://web.archive.org/web/20250622061208/https://www.idont...
boomlinde 9 hours ago > it's possible to detect a pipe vs just standard out display of the contents of curl, from the server sideThat sounded really interesting, so I looked it up and found this article from 2016 if anyone else is interested: https://web.archive.org/web/20250622061208/https://www.idont...
made even worse by the fact that it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side.
This means the attack can be "invisible", as a cursory glance at the output of the curl can be misleading.
You _have_ to curl with piping the output into a file (like | cat), and examine that file to detect any anomaly.
> it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side
That sounded really interesting, so I looked it up and found this article from 2016 if anyone else is interested: https://web.archive.org/web/20250622061208/https://www.idont...