TP-SHELL-UNSAFE: Ollama Installer Downloaded Without Integrity Check #574

@ReterAI

Severity: Medium
CWE: CWE-494 (Download of Code Without Integrity Check)
File: install.sh
Lines: 189, 196
Function: install_or_upgrade_ollama()
Status: Commented out in main() (line 398)

Description

The Ollama installer is downloaded from https://ollama.com/install.sh and piped directly into sh without verifying its integrity. If the remote host were compromised, or a man-in-the-middle attack occurred, arbitrary code would execute with the user's privileges.

This is an inconsistency within the same file — the nvm installer (lines 118-143) already implements the correct pattern: download to a temp file, compute its SHA-256, compare against a pinned hash, and execute only on match.

Vulnerable Code

# install.sh:181-217 (vulnerable lines shown; ollama pull block at 204-216 omitted)

install_or_upgrade_ollama() {
  if detect_gpu && command_exists ollama; then
    local current
    current=$(get_ollama_version)
    if [[ -n "$current" ]] && version_gte "$current" "$OLLAMA_MIN_VERSION"; then
      info "Ollama v${current} meets minimum requirement (>= v${OLLAMA_MIN_VERSION})"
    else
      info "Ollama v${current:-unknown} is below v${OLLAMA_MIN_VERSION} — upgrading…"
      curl -fsSL https://ollama.com/install.sh | sh    # ← line 189, no integrity check
      info "Ollama upgraded to $(get_ollama_version)"
    fi
  else
    if detect_gpu; then
      info "GPU detected — installing Ollama…"
      curl -fsSL https://ollama.com/install.sh | sh    # ← line 196, no integrity check
      info "Ollama installed: v$(get_ollama_version)"
    else
      warn "No GPU detected — skipping Ollama installation."
      return
    fi
  fi
  # … ollama pull block (install.sh:204-216) omitted …
}

Currently commented out at line 398:

  # install_or_upgrade_ollama

Correct Pattern Already in the Same File

# install.sh:118-143 — nvm installer with SHA-256 verification

local NVM_VERSION="v0.40.4"
local NVM_SHA256="4b7412c49960c7d31e8df72da90c1fb5b8cccb419ac99537b737028d497aba4f"
local nvm_tmp
nvm_tmp="$(mktemp)"
curl -fsSL "https://raw.githubusercontent.com/nvm-sh/nvm/${NVM_VERSION}/install.sh" -o "$nvm_tmp" \
  || { rm -f "$nvm_tmp"; error "Failed to download nvm installer"; }
local actual_hash
if command_exists sha256sum; then
  actual_hash="$(sha256sum "$nvm_tmp" | awk '{print $1}')"
elif command_exists shasum; then
  actual_hash="$(shasum -a 256 "$nvm_tmp" | awk '{print $1}')"
else
  warn "No SHA-256 tool found — skipping nvm integrity check"
  actual_hash="$NVM_SHA256"
fi
if [[ "$actual_hash" != "$NVM_SHA256" ]]; then
  rm -f "$nvm_tmp"
  error "nvm installer integrity check failed\n  Expected: $NVM_SHA256\n  Actual:   $actual_hash"
fi
info "nvm installer integrity verified"
bash "$nvm_tmp"
rm -f "$nvm_tmp"

Recommended Fix

Apply the identical download-then-verify pattern to install_or_upgrade_ollama():

  1. Pin an Ollama installer version or commit hash in the URL
  2. Download to a temp file via curl -fsSL ... -o "$tmp"
  3. Compute SHA-256 and compare against a pinned hash
  4. Execute only on match, clean up on failure
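The four steps above, written out as a drop-in replacement for the two `curl ... | sh` lines. This is an added example, not code from the NemoClaw install.sh or from Ollama; the pinned version string, the installer URL format and the expected hash are placeholders the maintainers would fill in when they pin a release (the ollama.com URL on the page carries no version, so a pin needs a versioned URL or a re-pin whenever upstream changes). Unlike the nvm snippet quoted above, which substitutes the expected hash when no SHA-256 tool is found, this version fails closed: no hash tool means no execution.

```shell
#!/usr/bin/env bash
# Added example: download-then-verify for the Ollama installer.
# Not the project's own code. PLACEHOLDER values below must be replaced
# with a real pinned installer URL and the SHA-256 recorded at pin time.
set -euo pipefail

OLLAMA_INSTALLER_VERSION="vX.Y.Z"                                   # PLACEHOLDER (assumed)
OLLAMA_INSTALLER_URL="https://example.invalid/ollama/${OLLAMA_INSTALLER_VERSION}/install.sh"  # PLACEHOLDER (assumed)
OLLAMA_INSTALLER_SHA256="0000000000000000000000000000000000000000000000000000000000000000"  # PLACEHOLDER (assumed)

# Print the SHA-256 hex digest of a file. Returns 1 if no hashing tool exists,
# so callers cannot mistake "could not hash" for "hash matched".
sha256_of() {
  local file="$1"
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$file" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$file" | awk '{print $1}'
  else
    return 1
  fi
}

# Return 0 only when the file's digest equals the expected digest.
# Fails closed: a missing hash tool is treated as a verification failure.
verify_file_sha256() {
  local file="$1" expected="$2" actual
  actual="$(sha256_of "$file")" || { echo "no SHA-256 tool available; refusing to run unverified installer" >&2; return 1; }
  if [[ "$actual" != "$expected" ]]; then
    echo "integrity check failed" >&2
    echo "  Expected: $expected" >&2
    echo "  Actual:   $actual" >&2
    return 1
  fi
}

# Step 2 + 3 + cleanup: fetch URL into DEST, verify it, and delete DEST on any
# failure so a bad artifact never lingers on disk for a later accidental run.
download_verified() {
  local url="$1" expected="$2" dest="$3"
  if ! curl -fsSL "$url" -o "$dest"; then
    rm -f "$dest"
    echo "download failed: $url" >&2
    return 1
  fi
  if ! verify_file_sha256 "$dest" "$expected"; then
    rm -f "$dest"
    return 1
  fi
}

# Step 4: execute only after a successful match; the temp file is removed
# whether or not the installer succeeds.
install_ollama_verified() {
  local tmp rc=0
  tmp="$(mktemp)"
  if download_verified "$OLLAMA_INSTALLER_URL" "$OLLAMA_INSTALLER_SHA256" "$tmp"; then
    sh "$tmp" || rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Invoke explicitly (no network access happens just from sourcing this file):
#   install_ollama_verified
```

Both `curl ... | sh` sites in install_or_upgrade_ollama() would call `install_ollama_verified` instead. Because the digest is compared before `sh` ever sees the file, a modified installer (upstream compromise or an on-path change that HTTPS did not catch) is rejected and removed rather than executed, and the failure is logged with both digests so the mismatch can be investigated.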

Risk Assessment

  • Impact: Arbitrary code execution with the invoking user's privileges
  • Exploitability: Requires compromise of ollama.com or a MITM attack; mitigated by HTTPS
  • Mitigating factor: The function is currently commented out in main() and not executed during installation

Labels: Local Models (Running NemoClaw with local models), bug (Something isn't working), priority: high (Important issue that should be resolved in the next release), security (Something isn't secure)
Assignees: none
Development: No branches or pull requests