为什么使用curl |不建议使用sudo sh吗？ [英] Why using curl | sudo sh is not advised?

问题描述

我正在阅读 Rust编程语言简介，我遇到了要求使用以下命令的安装方法

While I was reading the introduction to the Rust programming language, I came across the installation method which asks to use the following command

curl -sf -L https://static.rust-lang.org/rustup.sh | sudo sh

请注意，这不是安装应用程序的最可靠方式。谁能提供给我有关此命令可能如何危险的详细信息，是否有任何方法可以保护自己免受其影响？

with a note of caution that this is not the most trusted way of installing an application. Can anybody provide me the details about how this command can be dangerous and are there any methods to protect yourself from its effects?

推荐答案

因为您授予对正在执行的任何脚本的root访问权限。它可以做各种各样的讨厌的事情。

Because you are giving root access to whatever script you are executing. It can do a wide variety of nasty things.

如果Rust站点曾经遭到入侵，并且该脚本中有一个很小的片段，它会以静默方式安装恶意软件，那么如果不先检查脚本就不会知道。

If Rust site is ever compromised and that script gets a tiny piece that installs malware silently, you wouldn't know, without inspecting the script first.

这篇关于为什么使用curl |不建议使用sudo sh吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！