Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Change example for the -F file uploading option #752
I'd hold back a bit on the "verys", since the
If a user actually would be tricked by the curl man page to send his/hers actual passwords over HTTP to a remote server, that user won't be saved by this edit.
But okay. For the remote possibility that we someone would encourage silly behaviors with this example I don't mind changing it to something more benign. I would however prefer not to use a dot file and not a vimrc basically since it isn't a known file to many users. I'll instead modify your update to use an image file.
Thanks to both of you. I noticed that mypasswd.com was registered possibly after this example was put into the man pages. I couldn't find the exact date as the repo logs don't go back that far. Had you ever had any encounters with the domain owner Griffin de Luce? Looks like he wasn't a contributor or anything and eventually lost interest in harvesting /etc/passwd files from this example. My guess is that very few people ever really ran this so the problem is minimal. But I'm glad its fixed.
BTW, putting encrypted hashes into /etc/shadow was still an option in some versions of Linux in the late 90s at least. I remember Red Hat Linux had an option for enabling it and the default was not to enable it. So there could have been some password hash leakage, albeit, a long time ago.
I honestly doubt anyone, ever, ran that command line verbatim. Well, until now when about 7 users had to try it out when they learned about this man page example.
I don't know Griffin and he/she has never been involved in the curl project as far as I can recall. I've never tried that command line myself and I've never visited that domain. I don't believe that the domain was registered or used because of that appearance in our docs.