logoalt Hacker News

swiftcoderyesterday at 1:42 PM3 repliesview on HN

curl is only the sandbox if you don't then do anything with the byte stream.

Pipe it to bash? game over

Pipe it to less/more? Better hope your distro keeps those patched

Open the file in a browser or PDF reader? Hey, look at all this shiny new attack surface!

Replies

niijyesterday at 10:56 PM

curl is not anti-virus.

inigyouyesterday at 4:09 PM

Well yeah, that's true for any sandbox. If you pipe stuff outside of the sandbox, outside of any sandbox, and run it there, then you're not running it in a sandbox.

show 1 reply
layer8yesterday at 2:24 PM

How do you set up the sandbox without having downloaded anything from the internet? I guess there’s still places where you can buy Linux CDs.