
can't decide what is better?

1) curl | sh

2) llm | sh




Using curl is surprisingly secure if you have a secure entrusted target. An LLM could be safe the first 99 times and then randomly wipe your hard drive. It's basically the same thing as curl but just randomly picking what you download, like that one thing that picked random code from Stack Overflow.


> Using curl is surprisingly secure

one thing to remember is that you can make a server respond one thing when a user does "curl <url>" and another thing when the user does "curl <url> | sh":

https://lukespademan.com/blog/the-dangers-of-curlbash/

another thing to know is that github.com/<org>/<proj>/[...somethings...] isn't necessarily controlled by <org>:

https://vulcan.io/blog/github-comment-malware-what-you-need-...


Also, if entropy decides you are unworthy and the download dies after reading "rm -Rf /" instead of the full line "rm -Rf /tmp/setup" then you're going to have a bad time on any Linux that doesn't have preserve-root by default. Of course such deleterious incomplete command execution could take many forms.


This is trivially prevented by wrapping the body in a function that is executed only on the last line of the script. I don't think I've seen a "curl | sh" script in the wild that wasn't written that way.
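The truncation risk and the function-wrapping defence from the two comments above, as an added example that is not part of the thread: it cuts a constructed installer at every byte offset and counts the cuts that execute something other than nothing or the full script. The installer bodies, the `__install_main` name and the use of `echo` in place of real commands are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed installers: "echo" stands in for the real commands, so nothing
# on disk is touched. The function name __install_main is an assumption.

plain_installer() {
cat <<'EOF'
echo unpack /tmp/setup
echo cleanup /tmp/setup
EOF
}

wrapped_installer() {
cat <<'EOF'
__install_main() {
  echo unpack /tmp/setup
  echo cleanup /tmp/setup
}
__install_main
EOF
}

# Feed only the first $2 bytes of installer $1 to sh, as a dropped
# connection would, and print whatever the truncated script executed.
run_truncated() {
  "$1" | head -c "$2" | sh 2>/dev/null || true
}

# Count the cut points at which a truncated installer ran something other
# than nothing at all or the complete, intended sequence.
unsafe_cut_points() {
  full=$("$1" | sh)
  size=$(( $("$1" | wc -c) ))
  n=1; bad=0
  while [ "$n" -lt "$size" ]; do
    out=$(run_truncated "$1" "$n")
    if [ -n "$out" ] && [ "$out" != "$full" ]; then bad=$((bad + 1)); fi
    n=$((n + 1))
  done
  echo "$bad"
}

echo "plain:   $(unsafe_cut_points plain_installer) unsafe cut points"
echo "wrapped: $(unsafe_cut_points wrapped_installer) unsafe cut points"
```

The wrapped form stays safe only while no prefix of the final call line is itself a runnable command, which is why a long, distinctive function name is used here.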


Yes but you could do something equivalent with a binary you download or some remote repository like a brew keg too. At the end of the day you need to decide whether you trust who you’re downloading from or not and ‘curl … | sh’ isn’t practically worse in any way I can think of.


> An LLM could be safe the first 99 times and then randomly wipe your hard drive.

So like, has anyone ever actually done enough fuzzing to see if this or other actually bad commands ever happen in practice, or are we just going on vibes here? I suppose it's possible that you give it a text description to do something bad and it does, but I'm actually curious if this is just 'llms bad' vibes.


Not intentionally, but it's given me incorrect SQL that feels one step away from something incredibly dangerous.


invoke-undefined-behaviour | sh

We live in times where you shouldn't use C or C++, because undefined behavior can eat your face and general memory safety issues, but at the same time let's pipe LLM output to your shell.

It is causing a little tingling in my heart.


forgot '3) apt-get install -y package; bin-from-package'



