curl is the sandbox. It exchanges packets with the internet and then outputs a safely sanitized byte stream.
curl is only the sandbox if you don't then do anything with the byte stream.
Pipe it to bash? Game over.
Pipe it to less/more? Better hope your distro keeps those patched.
Open the file in a browser or PDF reader? Hey, look at all this shiny new attack surface!