this post was submitted on 23 Feb 2026
177 points (98.4% liked)

Selfhosted

59955 readers
298 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
177
A sneaky demonstration of the dangers of curl bash (blog.k3can.us)
submitted 3 months ago* (last edited 3 months ago) by K3can@lemmy.radio to c/selfhosted@lemmy.world
80 comments fedilink hide all child comments
 

I set up a quick demonstration to show risks of curl|bash and how a bad-actor could potentially hide a malicious script that appears safe.

It's nothing new or groundbreaking, but I figure it never hurts to have another reminder.

you are viewing a single comment's thread
view the rest of the comments
[–] krispyavuz@lemmy.world 7 points 3 months ago (2 children)

Curl bash is no different than running an sh script you dont know manually…

[–] K3can@lemmy.radio 6 points 3 months ago

True, but this is specifically about scripts you think you know, and how curl bash might trick you into running a different script entirely.

[–] axx@slrpnk.net 1 points 3 months ago

No, it is different, as it adds an entire layer of indirection and unknown to the mix, increasing the risk in the process.