156
"GitHub" Is Starting to Feel Like Legacy Software - The Future Is Now
(www.mistys-internet.website)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 13 Jul 2024
156 points (90.6% liked)
Open Source
30274 readers
305 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
A deb is just a zip file that gets unpacked to where your binaries go. A shell script you curl pipe into shell could contain literally any instructions
Binary packages have scripts (IIRC for .deb they are preinst/postinst to be run before/after installation and prerm/postrm before/after removal) that are run as root.
BTW the "unzip" part is also run as root, and a binary package can typically place stuff anywhere in your system (that's their job after all)... even if you used literal zip files they could still install a script in ways that would cause the OS to execute it.
Yeah I'm over simplifying on purpose here. The bottom line is piping into
shis dangerous