It’s probably possible to craft a script that looks innocuous line-by-line, but ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		eurasiantiger on April 14, 2021 \| parent \| context \| favorite \| on: Show HN: Run unknown shell script with a line-by-l... It’s probably possible to craft a script that looks innocuous line-by-line, but does something malicious as a whole.

Bender on April 14, 2021 [–]

Indeed. If the person does not understand why/what is encoded by things like xxd or base64 or using tr to swap/filter characters, then one should hopefully pull the eject lever. When in doubt, one can sandbox scripts and see what they are in effect trying to do.

cratermoon on April 15, 2021 | [–]

Or LFS=

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact