Blog

How to build a trustworthy curl pipe bash workflow

Undestand how security and convenience can go together.

Installing and configuring third-party software for managing instances is usually painful. It comes with a handful of requirements that need to be met to accomplish the simple task of just getting it to work.

Operous will offer you a method to configure your instance to be tested by us conveniently, which will not make you waste time not doing productive work. It is as simple as copying and pasting a concise command.

Curl

The method we are going to use is known as the “curl pipe bash” method. This particular method has had many discussions around it before, with very strong opinions both in favor and against it.

Many vendors offer such a method and also call it a “convenience script,” a name that indeed is a good fit and expresses its purpose.

Bellow, you can check out how simple and fast it is going to be to configure Operous on your instance:

Installer

This post will discuss the concerns security specialists usually have with running the "curl pipe bash" method and what we did to address them.

We believe convenience and security must work together

People believed that convenience is a trait that lives at odds with security. The harder it is to access your service, the safer it is.

This belief changed recently. We’re moving towards a consensus that in order to build a secure system, it needs to be convenient.

A practical example of the statement above is NIST changes regarding passwords: asking people to create longer, but easier to remember, passwords and change them less frequently (only when compromised) increases security.

Other advances in this realm are: easier to use multi-factor authentication and password managers with a good user experience. When enough effort is put into building something safe and convenient for users, the result is an increase in overall security and productivity.

We know that pushing complexity to the user is a path that must be avoided at all costs. We do careful engineering to accommodate that complexity to achieve both a safer and user-friendly product.

Our convenience script is all about simplifying complexity for you. We worked hard to move complexity away from you and into our product to achieve a more secure, fast, and effortless experience, so you don't waste time with non-productive work.

Considered issues

Now let’s take a deep dive into some technical considerations about our implementation, so you don't have to worry about them.

Man-in-the-middle Attack

Concern: An attacker between our web server and your instance could change the script’s content and inject code into the script, changing its behavior.

Solution: All of our content will be served with state of the art TLS (HTTP encryption). It won’t be possible to download the script nor access any of our pages through an insecure HTTP connection, significantly reducing the risk of content tampering.

Hidden text attack

Concern: Current JavaScript clipboard API allows a script to change a copied text’s content without any confirmation or warnings. This could be used to make you run something in your shell different from what you think you copied on our website.

Solution: We have absolutely no reason whatsoever to trick our users like that. JavaScript injection by a third party through content tampering is protected by TLS (HTTP encryption).

Client detectiion attack

Concern: Make a web server return distinct responses based on the request User-Agent or through other client detection methods. The script you’d see in your browser might not be the same downloaded on your instance.

Solution: Again, we have no reason to do such a thing. Nevertheless, in addition to serving our content through TLS, a checksum will be available alongside the script so you can download and validate the script with the checksum before running it.

Partial content and network issues

Concern: A network error between the script source and the Curl agent could result in an incomplete download, which would result in partial execution of the script. That is indeed dangerous because any incomplete command could be executed.

Solution: We addressed this concern by wrapping the script “body” inside a function that is called at the very end. If something wrong really happens, the script will only define some functions but doesn’t do anything.

Compromised web server

Concern: Even using TLS to serve all content, there might still be room for tampering with the script content by exploiting a vulnerability on the web server and changing its configuration to serve a different script. A similar attack could be made with a supply-chain attack or exploiting some library vulnerability.

Solution: Our infrastructure is automated to ensure we’re always running up to date software. We’ll also constantly audit the libraries we use in our application to avoid known vulnerabilities.

We’ll also rely on a separate system that will continuously monitor the script by downloading it and checking the served content against the expected checksum. If this breach ever happens, we’ll be able to cross the monitoring data with our audit events to inform users that may have downloaded a rogue script.

Conclusion

Achieving convenience and security at the same time is not an easy feat.

Operous method for registering a instance with a single and concise command is part of our strategy to make you get results from our tests on your instances as fast as possible.

Installing third-party software does not have to be a hassle. Operous will make it easy to configure the instance to be tested.

With our convenient script developed from scratch, you will test your instances quickly and effectively.

References

Security vs. Convenience Is curl | bash insecure Friends don't let friends Curl | Bash Don't Pipe to your Shell copy-paste-shell Piping curl to s(hell) Curl to shell isn't so bad Detecting the use of "curl | bash" server side Why curl | sudo bash is good

  • security
  • instances
Proactively solve your instance configuration problems

Part of your team

Poorly configured instances are a large cause of incidents and impacts on application availability. Containers or virtual machines, on-premise or public cloud, we help you achieve effective operation.

Scale the capacity of your development team with automation of security settings

Automated assessment

Operous directs your team to act only in what is necessary and essential, bringing insights about your instances.

Visibility for all

No matter if your instance is on-premise or public cloud, we bring indicators to scale management and ensure assertive visibility.

Tranquility for the team

Rely on our service to continuously inform your team about your instances current state and plan improvements without complications.

Save hours, nights, and even weekends by incorporating risk reduction into your CI/CD flow

Increase your development team’s efficiency using Operous to automatically and continuously guarantee instance configuration security and best practices.

Sign up and stay informed about Operous