curl: add support for a "--rootme" command line parameter

[lamby]

Passing this parameter will download the specified URLs and execute them via sudo(8) using sh(1), saving countless keystrokes when installing modern software.

For example:

$ curl --rootme https://people.debian.org/~lamby/install.sh

Is equivalent to:

$ curl -qs https://people.debian.org/~lamby/install.sh | sudo sh -

Errors that occur when executing sudo(8) are marked with new CURLE_ROOTME internal error code (94), otherwise we wrap the return code of the executed script itself.

[badboy]

This would simplify the installation of rustup.rs quite a bit.

[badboy]

This would simplify the installation of rustup.rs quite a bit.

[cym13]

What if sudo isn't present on the machine? Shouldn't curl be less platform dependent and write its own escalation function? That could also lead to having this scheme work on windows with non-trivial effects on the market. Imagine if everybody could just "curl --rootme URL" instead of dealing with lengthy installers and such?

[cym13]

What if sudo isn't present on the machine? Shouldn't curl be less platform dependent and write its own escalation function? That could also lead to having this scheme work on windows with non-trivial effects on the market. Imagine if everybody could just "curl --rootme URL" instead of dealing with lengthy installers and such?

[CuriousA62A2A]

Wow, this is not only a bad idea it's also completely solveable with a very simple bash script for those who want to go this route.
Let's not put this trap into curl, it's simply a really bad idea.

[CuriousA62A2A]

Wow, this is not only a bad idea it's also completely solveable with a very simple bash script for those who want to go this route.
Let's not put this trap into curl, it's simply a really bad idea.

[Anntoin]

Could have curl -rm as the short form.

[Anntoin]

Could have curl -rm as the short form.

[imnotbad]

I honestly can't tell if this is a joke or not.

Not only is this a horrific idea to begin with, it also makes cURL more platform dependant. If you want to download random scripts from the internet and execute them as root automatically you can do that very simply already using any type of shell scripting (even windows cmd allows this). Adding a command that does this automatically is borderline out of scope for cURL and presents a large security risk to users anyway.

I'm honestly not sure why anyone would think this is a good idea. even if it saves you ~1 second of typing it's at the expensive of all of your system security. This is without mentioning the fact that a lot of shell scripts are not designed to be run as the root/admin user anyway.

[imnotbad]

I honestly can't tell if this is a joke or not.

Not only is this a horrific idea to begin with, it also makes cURL more platform dependant. If you want to download random scripts from the internet and execute them as root automatically you can do that very simply already using any type of shell scripting (even windows cmd allows this). Adding a command that does this automatically is borderline out of scope for cURL and presents a large security risk to users anyway.

I'm honestly not sure why anyone would think this is a good idea. even if it saves you ~1 second of typing it's at the expensive of all of your system security. This is without mentioning the fact that a lot of shell scripts are not designed to be run as the root/admin user anyway.

[citrus-it]

Could have curl -rm as the short form.

Maybe have that for the form that execs sudo or pfexec (platform dependant) but have a faster internal implementation --root-me-really-fast, or -rm-rf for short.

[citrus-it]

Could have curl -rm as the short form.

Maybe have that for the form that execs sudo or pfexec (platform dependant) but have a faster internal implementation --root-me-really-fast, or -rm-rf for short.

[ajgon]

but have a faster internal implementation --root-me-really-fast, or -rmrf for short.

I like the idea! Also, let's add --no-preserve-root to ensure, when command is finished the user will be still in a root shell.

[ajgon]

but have a faster internal implementation --root-me-really-fast, or -rmrf for short.

I like the idea! Also, let's add --no-preserve-root to ensure, when command is finished the user will be still in a root shell.

[dw]

I find the naming of the parameter somewhat unnecessarily abrasive, perhaps we can encourage more inclusivity and comfort with a name like "--easy-install". There's no need to scare away new users!

[dw]

I find the naming of the parameter somewhat unnecessarily abrasive, perhaps we can encourage more inclusivity and comfort with a name like "--easy-install". There's no need to scare away new users!

[CuriousA62A2A]

Oh I get it now. This was the best April's fools in quite a while. I totally fell for it.

[CuriousA62A2A]

Oh I get it now. This was the best April's fools in quite a while. I totally fell for it.

[MarcelRaad]

Great idea! I wonder why we haven't had that in TODO.

[stephenreay]

let's add --no-preserve-root

How about scanning the script for any invocations of rm or /bin/rm and passing --no-preserve-root to them too, while we're at it.

[stephenreay]

let's add --no-preserve-root

How about scanning the script for any invocations of rm or /bin/rm and passing --no-preserve-root to them too, while we're at it.

[diooktput]

I hope that option will give me a critical warning first, although it can be overridden.

[diooktput]

I hope that option will give me a critical warning first, although it can be overridden.

[stephenreay]

I hope that option will give me a critical warning first, although it can be overridden.

We're past the point of warnings here.

[stephenreay]

I hope that option will give me a critical warning first, although it can be overridden.

We're past the point of warnings here.

[namtabmai]

There seem to be a few people who are concerned with security around this issue. Wouldn't it be wise to implement the parameter

--no-rootme

which completely disables this feature.

You can then make the --rootme the default action.

[namtabmai]

There seem to be a few people who are concerned with security around this issue. Wouldn't it be wise to implement the parameter

--no-rootme

which completely disables this feature.

You can then make the --rootme the default action.

[lorkki]

This would simplify the installation of rustup.rs quite a bit.

Alas, rustup won't benefit from this feature since it's not meant to be installed as root.

[lorkki]

This would simplify the installation of rustup.rs quite a bit.

Alas, rustup won't benefit from this feature since it's not meant to be installed as root.

[imnotbad]

i hate this day

[imnotbad]

i hate this day

[badboy]

@lorkki you speak for you. Things not meant to be used does not mean people are not using it at all.

[badboy]

@lorkki you speak for you. Things not meant to be used does not mean people are not using it at all.

[moparisthebest]

I think this should imply --insecure to save even more keystrokes.

[moparisthebest]

I think this should imply --insecure to save even more keystrokes.

[Anntoin]

I think the general consensus is clear. Not only would this change be a great usability improvement. It sets the groundwork for curl to become the de-facto linux & osx package management tool.

[Anntoin]

I think the general consensus is clear. Not only would this change be a great usability improvement. It sets the groundwork for curl to become the de-facto linux & osx package management tool.

[ryukinix]

HOLY FUCK, this is serious???? What are you doing?

[ryukinix]

HOLY FUCK, this is serious???? What are you doing?

[rohan-molloy]

I like the idea of having a built in option that does the following

1. Download to temporary file
2. sh $temp
3. delete temporary file

The option should also have an optional argument for integrity checking (hash)

I think the sudo component is very problematic and anything relating to privilege escalation is well outside of curl's scope

(lol forgot it's April 1 on the other side of the world)

[rohan-molloy]

I like the idea of having a built in option that does the following

1. Download to temporary file
2. sh $temp
3. delete temporary file

The option should also have an optional argument for integrity checking (hash)

I think the sudo component is very problematic and anything relating to privilege escalation is well outside of curl's scope

(lol forgot it's April 1 on the other side of the world)

[ghost]

I can't thing of a single better addition to curl than this pull request. This will fast track YOTLD tenfold and we will all look back and know it started today, on April 1st, 2018.

[ghost]

I can't thing of a single better addition to curl than this pull request. This will fast track YOTLD tenfold and we will all look back and know it started today, on April 1st, 2018.

[jlozadad]

@CuriousA62A2A woosh if not then u forgot /s lol

[jlozadad]

@CuriousA62A2A woosh if not then u forgot /s lol

[jochem]

Regarding the comment of @dw about naming of the parameter "--easy-install": easy_install has been available as software to install Python packages over HTTP since 2004. I'm afraid naming a parameter for installing software using curl after another software installer would lead to mass confusal, unless we actually make curl able to run easy_install as well on the URL provided. Giving this more thought, I'd be absolutely delighted to also be able to do things like curl --dpkg-install http://somethingsomething.deb (of course sudo is implied here).

[jochem]

Regarding the comment of @dw about naming of the parameter "--easy-install": easy_install has been available as software to install Python packages over HTTP since 2004. I'm afraid naming a parameter for installing software using curl after another software installer would lead to mass confusal, unless we actually make curl able to run easy_install as well on the URL provided. Giving this more thought, I'd be absolutely delighted to also be able to do things like curl --dpkg-install http://somethingsomething.deb (of course sudo is implied here).

[CuriousA62A2A]

@jlozadad I got much clearer when I had a nap and checked the date ;)

[CuriousA62A2A]

@jlozadad I got much clearer when I had a nap and checked the date ;)

[ryukinix]

Close this cancer, please

[beren12]

Make it simple for people. Just use the exploit du jour and auto escalate to root every time.

[beren12]

Make it simple for people. Just use the exploit du jour and auto escalate to root every time.

[NeilHanlon]

lgtm. Merge it

[NeilHanlon]

lgtm. Merge it

[geofft]

This is failing CI on macOS because WEXITSTATUS apparently expects its argument to be an lvalue (??). Also more relevantly, a) WEXITSTATUS isn't meaningfully defined if WIFEXITED isn't true: if it died from a signal you'll get some mangled version of the signal number and b) it's not usable as a curl error anyway. Try something like

int wstatus = pclose(outs.stream);
if (!result && (!WIFEXITED(wstatus) || WEXITSTATUS(wstatus) != 0)) {
    result = CURLE_WRITE_ERROR;
}

which matches the cases below.

[feakuru]

This thread is so awesome! I love github so much! You are the best, guys! Haven't had this kind of laugh in a long while

P. S. There's something white on your shoulder 😉

[feakuru]

This thread is so awesome! I love github so much! You are the best, guys! Haven't had this kind of laugh in a long while

P. S. There's something white on your shoulder 😉

[gfriloux]

This is so wrong.
It's not curl that should call sudo, but sudo that should call curl :
sudo http://victim.org/foo.sh
And sudo would detect its an URL, download script, and execute.
This would be a lot more convenient.

It may even be the shell that should be able to execute commands based on scripts/binaries that are stored remotely, so people not using sudo could execute them too, when already in a root shell.

[gfriloux]

This is so wrong.
It's not curl that should call sudo, but sudo that should call curl :
sudo http://victim.org/foo.sh
And sudo would detect its an URL, download script, and execute.
This would be a lot more convenient.

It may even be the shell that should be able to execute commands based on scripts/binaries that are stored remotely, so people not using sudo could execute them too, when already in a root shell.

[beren12]

The sad part of this really is that people are told to do this with certain software, and others think it's ok.

[beren12]

The sad part of this really is that people are told to do this with certain software, and others think it's ok.

[vaygr]

Just make sure that OpenBSD's doas is also supported. Portability matters! Plus, 1 extra port is always better than 2 extra ports :)

EDIT And Window' runas. Could actually be useful to lower the access-rights.

[vaygr]

Just make sure that OpenBSD's doas is also supported. Portability matters! Plus, 1 extra port is always better than 2 extra ports :)

EDIT And Window' runas. Could actually be useful to lower the access-rights.

[gfriloux]

Replace with #endif

[ahmadnassri]

🍿

[ahmadnassri]

🍿

[bagder]

Thank you everyone for playing. I'm happy to see that the CI finally turned green for this set and that so many of you found your way to the curl github repo, expressed your opinions and shared your concerns. I hope this will lead to some real PRs down the line in addition to more April Fool's pranks!

This particular PR is hereby closed.

[bagder]

Thank you everyone for playing. I'm happy to see that the CI finally turned green for this set and that so many of you found your way to the curl github repo, expressed your opinions and shared your concerns. I hope this will lead to some real PRs down the line in addition to more April Fool's pranks!

This particular PR is hereby closed.

[lamby]

@bagder My pleasure, and thanks for being such a good sport :)

[lamby]

@bagder My pleasure, and thanks for being such a good sport :)

[arjamizo]

Can we also have this for mobiles devices (Android and iOS)?

[arjamizo]

Can we also have this for mobiles devices (Android and iOS)?

[xdgc]

Also, as a representative of the financial service sector, I would like TLS1.3 session keys automatically sent to a designated multicast address.

[xdgc]

Also, as a representative of the financial service sector, I would like TLS1.3 session keys automatically sent to a designated multicast address.

[tzvetkoff]

Also, please integrate known (and not known) rootkits so we don't bother setting up sudoers.d or making the binary SUID or whatever. 🤣

[tzvetkoff]

Also, please integrate known (and not known) rootkits so we don't bother setting up sudoers.d or making the binary SUID or whatever. 🤣