-
-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
installer.sh - network resilient issue #45
Comments
thanks @Xon got an example ? fyi, the installer.sh is only 10kb in size |
This is probably the best description: https://www.seancassidy.me/dont-pipe-to-your-shell.html I'm not concerned about the security artefacts that people talk about with curl|bash, but ensuring the installer is reliable in the face of network interruptions. Making sure the code is inside a function definition, ensures the shell will not try to execute partially interrupted shell code. Better for it to error than execute who knows what. |
oh i see what you mean regarding the code inside installer.sh, i though you meant the command line itself or command itself heh most of installer.sh code is in functions https://github.com/centminmod/centminmod/blob/123.08stable/installer.sh i'll look at it more later :) |
👍 |
The recommended unattended install process is not resilient to network errors.
The commands after the curl will execute even if the network connection is interrupted. This will result in the arbitrary scripting being executed, which can result in expected and unknowable behaviour.
The recommended workaround is to ensure all code in a function definition, and as the very last statement execute the function wrapping the code.
The text was updated successfully, but these errors were encountered: