.png)
cursh Used AI
Uses trust lists , heuristics and trust metrics to make `curl | sh` safer.
(NOTE: AI WAS ONLY USED TO MAKE THE TRUST LIST)
Many apps, even popular ones like Rust, use installation scripts like so in linux:
curl -fsSL | sudo bash
This is equivalent to getting a script from the internet, not seeing the code or verifying it, then executing it with the highest level of permissions possible.
Clearly this is very unsafe. But these scripts are packaged as "easy install scripts" and sometimes its the default way to install the app.
Now that linux is being more popular among novice users because of windows 10 EOL, this is a bigger problem.
Cursh attempts to solve this by using a list of trusted URLs as well as heuristics and trust metrics.
Followers
YogyaChugh
Check their projects out: Western Upside-Down Island, WEBELO, Vote Leaderboard, WEBBER, Timberly
Ship Your Project
Get ready!
Once you ship this you can't edit the description of the project, but you'll be able to add more devlogs and re-ship it as you add new features!
Timeline
Added an extra feature and also made the list more comprehensive.
I added another feature: external SHA sums. Basically, until enough people use this software, most install scripts wont have the SHA256 sum in the format. So, for trusted scripts, the SHA256 sum was generated for each script. This means integrity checking can work on any trusted script, not just the ones which follow the format. I successfully installed Rust on my WSL with this as a demo.
All Done!
Now its fully functional. Install by following the README and use like so:
cursh <url>
or
sudo cursh <url>
if it needs sudo.
Made the script
Now I need to:
1) make it into a pypi package
2) add more trusted sources
Made a database of trusted programs (this is not the only heuristic used to detect unsafe scripts)
