nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqngmy0tkem050emuld2lh6d9rlxsct6mp8l8esmqfjrew22z5ku5sysk9w3 (nprofile…k9w3) How does this differ from downloading and installing some binary package from a random source? Or even, running “make install” on some source package?
They all can run arbitrary commands on a system.
You could argue curl-pipe-shell is better because it isn’t hiding the dangers in some innocent looking thing.
Martin Hoffmann
npub1ag…cdzw4
2025-02-19 08:13:05 UTC
in reply to nevent1q…wfar
Author Public Key
npub1agspj7v8jky9aw3u2jsawdyueh2plje2nsq3jc9e6wj73l7yn0lqdcdzw4Seen on
wss://relay.mostr.pubPublished at
2025-02-19 08:13:05 UTCEvent JSON
{
"id": "d14c1c8273a8dd51efd0272c90ec6ff5b2a244bfdbfc06cbffcf2dc0505ec469",
"pubkey": "ea2019798795885eba3c54a1d7349ccdd41fcb2a9c011960b9d3a5e8ffc49bfe",
"created_at": 1739952785,
"kind": 1,
"tags": [
[
"p",
"9a3647aed9dbe8fcef9f6abf7d34a3f9a185eb613fcf986c0990f2e52854b729",
"wss://relay.mostr.pub"
],
[
"p",
"c1fc3d819699d21c77bb73a283ce53f296a8d2147f740685a35a9d4396acc1fa",
"wss://relay.mostr.pub"
],
[
"e",
"5fff66d14ade567c61111e7a255b531604a3186d507da7460217d375ede8e604",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://social.tchncs.de/users/partim/statuses/114029545773535366",
"activitypub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqngmy0tkem050emuld2lh6d9rlxsct6mp8l8esmqfjrew22z5ku5sysk9w3 How does this differ from downloading and installing some binary package from a random source? Or even, running “make install” on some source package?\n\nThey all can run arbitrary commands on a system.\n\nYou could argue curl-pipe-shell is better because it isn’t hiding the dangers in some innocent looking thing.",
"sig": "b12934c399639a6101e4dd184463f5a0a74b9068b9ca8cf5cc0b4616f71ceb96fda31b5cd64b922ad8674fe0808b164029dbc73c295abfdad73e5dedcfb3d030"
}