top | item 39867743

(no title)

bodyfour | 1 year ago

> I've long since said that if you want to hide something nefarious you'd do that in the GNU autoconf soup (and not in "curl | sh" scripts).

Yeah, I've been banging on that same drum for ages too... for example on this very site a decade ago: https://news.ycombinator.com/item?id=7213563

I'm honestly surprised that this autoconf vector hasn't happened more often... or more often that we know of.

discuss

Given that this was discovered by sheer luck, I'd expect way more such exploits in the wild.