dedward | 10 years ago

Paste into a text buffer first, which is generally a good idea anyway to deal with formatting issues.

jacquesm|10 years ago

I do that regardless because I'm super paranoid about stuff like this but I'm really wondering if I'm not taking it a bit too far. I've also yet to run into any kind of attempt to pull a stunt like this in a very long time of activity so I'm wondering what the actual incidence is.

vidarh|10 years ago

I generally find it worth it for the simple risk that you may end up breaking stuff without anything malicious on behalf of the site.

E.g. cut and paste a command and get a linebreak in the wrong location and the "rm -rf /var/tmp/foo" turns into "rm -rf /var/". Fun times.

These days I'm more and more often just spinning up temporary containers as well. Not so much for security as to avoid making a mess of my environment with all the stuff I'm testing. So trivial to start out with a "docker run --rm -t -i -v /some/suitable/host/dir:/mnt ubuntu /bin/bash -l" or similar to get a fresh container with a directory I can dump anything I decide I want to keep in.

yiyus|10 years ago

I do not do that. I have copied and pasted git clone commands directly in my terminals many times. The question is, for those who do it, how often you notice a malicious command and this saves your day.

jarfil|10 years ago

I've never encountered a malicious command in the wild, but having the commands I execute saved in a "notes.txt" or a wiki page I keep to document whatever I'm doing at any given time, sure has saved my day more than once. Usually several days after, when I can look back at what I did and replicate, fix or enhance whatever procedure.

So if it also protects me against this, I say doubleplusgood.
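
Added example, not part of any comment in this thread: a Python sketch of what the paste-into-a-text-buffer step catches, using the stray line break in the `rm -rf` command described above. The function names and sample strings are constructed for illustration, and it assumes a terminal that hands pasted line breaks straight to the shell.

```python
import unicodedata

# Constructed samples: the command as intended, and the same text with a stray line break.
INTENDED = "rm -rf /var/tmp/foo"
BROKEN = "rm -rf /var/\ntmp/foo"


def runs_on_paste(text: str) -> list[str]:
    """Lines a shell would execute immediately, before the user presses Enter.

    Assumption: pasted line breaks reach the shell unchanged, so every line
    terminated by a line break is executed as soon as it arrives.
    """
    normalised = text.replace("\r\n", "\n").replace("\r", "\n")
    parts = normalised.split("\n")
    # The last element is whatever follows the final line break; it waits at the prompt.
    return [p for p in parts[:-1] if p.strip()]


def hidden_characters(text: str) -> list[str]:
    """Code points a rendered page does not show but the shell still receives."""
    found = []
    for ch in text:
        if ch in "\n\r\t":
            continue  # line breaks are reported by runs_on_paste; tabs are visible
        # Cc = control characters (ESC, backspace, ...), Cf = format characters
        # (zero-width space, bidirectional overrides, ...).
        if unicodedata.category(ch) in ("Cc", "Cf"):
            found.append(f"U+{ord(ch):04X}")
    return found


def review(text: str) -> dict:
    """Summarise what a text buffer would have let you see before pasting."""
    immediate = runs_on_paste(text)
    hidden = hidden_characters(text)
    return {
        "runs_immediately": immediate,
        "hidden": hidden,
        "safe_to_paste": not immediate and not hidden,
    }


if __name__ == "__main__":
    for label, sample in (("intended", INTENDED), ("broken", BROKEN)):
        print(label, repr(sample), review(sample))
```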