Comment by inigyou
8 hours ago
curl is the sandbox. It exchanges packets with the internet and then outputs a safely sanitized byte stream.
8 hours ago
curl is the sandbox. It exchanges packets with the internet and then outputs a safely sanitized byte stream.
curl is only the sandbox if you don't then do anything with the byte stream.
Pipe it to bash? game over
Pipe it to less/more? Better hope your distro keeps those patched
Open the file in a browser or PDF reader? Hey, look at all this shiny new attack surface!
Well yeah, that's true for any sandbox. If you pipe stuff outside of the sandbox, outside of any sandbox, and run it there, then you're not running it in a sandbox.
How do you set up the sandbox without having downloaded anything from the internet? I guess there’s still places where you can buy Linux CDs.