[VicPiMakers Projects] Copy/Paste into Terminal (don't)
Deid Reimer
deid at drsol.com
Tue Jun 4 11:12:50 PDT 2024
Hi Craig,
When I copy the offending line into vi I see:
git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e
'!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t
trust!
Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
Which is concerning but not really dangerous.
When I copy and paste this into a terminal session I see:
Hello deid!
That was a bad idea. Don't copy code from websites you don't trust!
Here's the first line of your /etc/passwd:
root:x:0:0:root:/root:/bin/bash
deid at 32gig:~/gitstuff/kup$ git clone
git://git.kernel.org/pub/scm/utils/kup/kup.git
Note that the "evil" part runs without you entering a newline as it
supplies its own \n characters.
Moral, I think, paste everything into an editor first.
Or look at the source code - if you have the time and patience.
<p class="codeblock">
<!-- Oh noes, you found it! -->
git clone
<span style="position: absolute; left: -100px; top:
-100px">/dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e
'!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t
trust!<br>Here'"'"'s the first line of your /etc/passwd: ';head -n1
/etc/passwd<br>git clone </span>
git://git.kernel.org/pub/scm/utils/kup/kup.git
</p>
Or, give up and just have gin and tonic for breakfast.
Deid
On 2024-06-04 08:58, Craig Miller wrote:
> Hey folks, I found this, and hadn't seen it before. It has to do with
> hidden stuff on your screen, that pastes differently into your terminal.
>
> https://thejh.net/misc/website-terminal-copy-paste
>
> Copy and paste the example into an EDITOR (not your terminal) to reveal
> the "extra commands hidden in the line"
>
> Craig...
>
More information about the Projects
mailing list