
And we need to ban binary downloads from vendor sites as well, as those pose the exact same risks? Good luck with that!


Techniques like this could make curl|bash more prone to malicious activity: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...


You're running untrusted binaries anyway in the end, so I don't think this is anything more than a neat party trick.


But this technique lets you serve malicious code to a small number of people using curl|bash, rather than hosting obviously-bad binaries that anyone can inspect and call you out on. It also lets you target the attack to specific users or IP blocks.

The previous HN discussion said it better than I can: https://news.ycombinator.com/item?id=17636032


Moreutils has two programs that would trivially defeat this:

`sponge` reads the full input before passing it on

`vipe` inserts your editor inline, so you can view/modify the input before passing it on to bash (change an install directory, etc)
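As an added illustration (not from the thread or from moreutils), this is a pure-sh stand-in for `curl ... | sponge | bash`: the whole script is read to EOF before any of it runs, so the server cannot tell a piped-to-bash fetch from a save-to-disk fetch, and cannot switch payloads once execution has begun. The `REVIEW` variable and the `bash` interpreter are assumptions of this example.

```shell
#!/bin/sh
# buffer_then_run: read all of stdin into a temp file, optionally let the
# user review it, then execute it. Usage: curl -fsSL URL | buffer_then_run [args]
buffer_then_run() {
    tmp=$(mktemp) || return 1
    # cat returns only when stdin reaches EOF: this is the "sponge" step.
    # Nothing below runs until the transfer has fully completed.
    cat > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to run an empty transfer (dropped connection, empty body).
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    # Optional "vipe"-style step (assumed REVIEW variable): open the fully
    # buffered script in an editor on the controlling terminal before running.
    if [ -n "${REVIEW:-}" ] && [ -c /dev/tty ]; then
        ${VISUAL:-${EDITOR:-vi}} "$tmp" < /dev/tty > /dev/tty
    fi
    # Execute the buffered copy, forwarding any extra arguments to the script.
    bash "$tmp" "$@"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```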



