Update installation script URL for Azure CLI on Linux #5795

Open
Travisivart wants to merge 1 commit into MicrosoftDocs:main from Travisivart:patch-1

@Travisivart

We absolutely should not be using a vanity url for piping an install script to sudo bash. This opens up an attack vector in which anyone with access to update the vanity url could maliciously inject code into the user's system. These vanity urls do not go through any sort of change management nor approvals. Any single individual with ownership of the url could make a change to point the url to a custom or private script which could then install malware or execute arbitrary code on the user's system.

We should update the documentation to point to the actual script, or use a method which requires more approval or change management to modify a script which we instruct users to run.
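
An added example, not part of this pull request or of the Azure CLI documentation: one way a user can avoid trusting a mutable redirect is to download the script to a file, check which host the redirects ended on, compare the file against a digest recorded when the script was reviewed, and only then run it as root. The function names are hypothetical, and the URL, host and digest arguments are placeholders the caller supplies.

```bash
# Added example. The URL, host and digest passed in are the caller's own values;
# nothing here comes from the Azure CLI docs or the PR.

# Succeeds only if the URL curl ended on is HTTPS on exactly the expected host.
host_is_allowed() {
    local effective_url="$1" allowed_host="$2" authority
    case "$effective_url" in
        https://*) ;;
        *) return 1 ;;
    esac
    authority="${effective_url#https://}"
    authority="${authority%%[/?#]*}"          # keep only [userinfo@]host[:port]
    case "$authority" in
        *@*) return 1 ;;                      # userinfo can disguise the real host
    esac
    [ "${authority%%:*}" = "$allowed_host" ]
}

# Succeeds only if the file's SHA-256 equals a non-empty pinned digest.
sha256_matches() {
    local file="$1" expected="$2" actual
    actual="$(sha256sum < "$file" | cut -d' ' -f1)"
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Download to a file, check where the redirects ended and what was fetched,
# and only then hand the file to a root shell.
verified_install() {
    local url="$1" allowed_host="$2" pinned="$3" tmp effective
    tmp="$(mktemp)" || return 1
    effective="$(curl -fsSL --proto '=https' --proto-redir '=https' \
        -o "$tmp" -w '%{url_effective}' "$url")" || { rm -f "$tmp"; return 1; }
    if host_is_allowed "$effective" "$allowed_host" && sha256_matches "$tmp" "$pinned"; then
        sudo bash "$tmp"
    else
        echo "refusing to run $effective: unexpected host or digest" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Usage (placeholders, not real values):
#   verified_install "https://<vanity-or-direct-url>" "<expected-host>" "<reviewed-sha256>"
```

The pinned digest has to be updated, after review, whenever the script legitimately changes, so a silent change to the redirect target or to the script fails closed instead of running.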

@learn-build-service-prod
Contributor

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.

@learn-build-service-prod
Contributor

Learn Build status updates of commit 1ade4ca:

💡 Validation status: suggestions

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| docs-ref-conceptual/Latest-version/includes/cli-install-linux-apt.md | 💡Suggestion | View (azure-cli-latest) | Details |

docs-ref-conceptual/Latest-version/includes/cli-install-linux-apt.md

  • Line 249, Column 3: [Suggestion: other-site-link-broken - See documentation] Link 'https://manpages.ubuntu.com/manpages/lunar/en/man5/apt.conf.5.html' points to a page that doesn't exist. Check the path or URL and update the link.

For more details, please refer to the build report.

Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.

@mikefrobbins
Collaborator

@Travisivart, Thanks for raising this and for the detailed explanation.

Vanity URLs are used this way across multiple Azure CLI docs, so this goes beyond this single page. I’ve reached out to the Azure CLI PMs and engineering team for feedback and will follow up once I hear back.
