Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
heinrich5991
on Nov 9, 2019
|
parent
|
context
|
favorite
| on:
Curl to shell isn't so bad
That looks vulnerable to MITM since it doesn't use HTTPS. Indeed, I just looked it up, it's not in the HSTS preload lists of any browser:
https://www.ssllabs.com/ssltest/analyze.html?d=get.docker.co...
.
tln
on Nov 9, 2019
[–]
FWIW docker doesn't publicize those instructions, they give:
curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh
And, it's the only one of the examples listed in the article that doesn't pipe to shell.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
