As I don't typically audit Bash scripts, I'm trying to understand if this is standard practice or if there are potential risks.
Any insights would be appreciated!
I'm seeking honest feedback on whether this commit could be considered justified.
It seems a maintainer has, for some reason, inserted a domain within the script when it was previously just using the direct github hosted files.
Would you consider this harmless, or does it raise concerns?
The code in question appears to copy/sync files from GitHub every 3 hours and 47 minutes. Additionally, the downloaded files are granted root permissions during the process.
Here's the specific commit for reference:
[link] [comments]
from hacking: security in practice https://ift.tt/o7qRrji
Comments
Post a Comment