If you can trick a user to run a command tool in a way that ends up causing the user problems, that is not a security problem in that tool.
Just saying. In case you're thinking of submitting such a report about a command line tool in your toolbox.
But surely no sane person would. Right? Right?
-
The latest incarnation of this is someone saying that curl can be used to download a ".curlrc" into your $HOME and then curl might do bad things in subsequent invokes.
The first step is "just" to trick a user to run a curl command line doing the bad.
... if you can trick a user into running an arbitrary command, you can of course do so much more harm than just this.
-
@bagder You gotta be kidding..