Perhaps I'm off-base here, but when reading your profile I came across something that I thought was pretty awesome at first - but then I started thinking about how it might be abused.
I'm referring to the auto-update of the profile; while I definitely can see the value in automatically grabbing a new updated profile and installing it behind the scenes, there are security implications in this process, not to mention just general concerns that some users may not understand. This is a pretty solid profile - built on Oh My Posh, so I imagine it's pretty popular. Unfortunately, this means if you were targeted in a hack and someone took over your GitHub account, they could easily distribute malicious code via this profile and simply launching PowerShell would potentially load this code on end user systems. Just something to consider. I know you provide steps on how to make it your own but in my experience some people may just install the default and not change it.
https://github.com/ChrisTitusTech/powershell-profile/blob/main/Microsoft.PowerShell_profile.ps1#L54-L80
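One way to reduce the risk described in this issue, as an added example that is not part of the original post or the project's code: download the candidate profile to a temporary file and install it only if it matches a SHA-256 hash the user pinned locally after reviewing that version. The function names are hypothetical, and the URL and hash are placeholders to fill in.

```powershell
# Added example. $PinnedUrl and $PinnedSha256 are placeholders: point the URL at a
# specific reviewed commit and record the hash of the file you actually read.
$PinnedUrl    = 'https://raw.githubusercontent.com/<owner>/<repo>/<commit-sha>/Microsoft.PowerShell_profile.ps1'
$PinnedSha256 = '<SHA256-OF-THE-VERSION-YOU-REVIEWED>'

function Test-PinnedDownload {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    # The expected hash lives on the local machine, so a change pushed to the
    # remote repository cannot also change what counts as "expected".
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return $actual -eq $ExpectedSha256   # string -eq is case-insensitive
}

function Update-ProfilePinned {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Url            = $PinnedUrl,
        [string]$ExpectedSha256 = $PinnedSha256,
        [string]$Destination    = $PROFILE
    )
    $candidate = Join-Path ([IO.Path]::GetTempPath()) ("profile-candidate-{0}.ps1" -f [guid]::NewGuid())
    try {
        Invoke-WebRequest -Uri $Url -OutFile $candidate -UseBasicParsing -ErrorAction Stop
        if (-not (Test-PinnedDownload -Path $candidate -ExpectedSha256 $ExpectedSha256)) {
            Write-Warning 'Downloaded profile does not match the pinned hash; keeping the current profile.'
            return $false
        }
        if ($PSCmdlet.ShouldProcess($Destination, 'Replace profile with verified download')) {
            if (Test-Path -LiteralPath $Destination) {
                # Keep the previous profile so a bad update can be rolled back.
                Copy-Item -LiteralPath $Destination -Destination "$Destination.bak" -Force
            }
            Copy-Item -LiteralPath $candidate -Destination $Destination -Force
            return $true
        }
        return $false
    }
    finally {
        # The candidate is never dot-sourced or executed, only hashed and copied.
        Remove-Item -LiteralPath $candidate -ErrorAction SilentlyContinue
    }
}
```

Run `Update-ProfilePinned -WhatIf` to see what would be replaced, and call the function manually rather than from the profile itself so that opening PowerShell never triggers a download.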