Linus 这是怎么了,发脾气了吗哈哈 - V2EX
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
lnanddj
V2EX    Linux

Linus 这是怎么了,发脾气了吗哈哈

  lnanddj 2022-01-26 15:11:42 +08:00 12518 次点击
这是一个创建于 1364 天前的主题,其中的信息可能已经有所发展或是发生改变。

https://github.com/torvalds/linux/tree/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0

hey guys its me linus torvalds, author of the smash hit linux. yes its me you can look at the url of the repo and the thingy at the top of the files it proves its 100% me.

i deleted linux because i hate it now i think it sucks. you should go use this awesome os its called windows xp i just discovered it its great

21 条回复    2022-01-27 16:08:35 +08:00
zhangxs1989
    1
zhangxs1989  
   2022-01-26 15:14:07 +08:00
阴阳怪气是吧
qsmd42
    2
qsmd42  
   2022-01-26 15:16:37 +08:00   4
底下不是有个链接吗 点进去看是如何利用 github 漏洞进行恶作剧
learningman
    3
learningman  
   2022-01-26 15:17:05 +08:00
底下的链接写了,是一次展示伪造 commit 的行为艺术
lnanddj
    4
lnanddj  
OP
   2022-01-26 15:19:54 +08:00
@learningman 哈哈哈哈啊哈 果然是,没注意到
imzcg2
    5
imzcg2  
   2022-01-26 15:20:33 +08:00 via Android
linus ,虽然创造了 git ,但好像一直都讨厌 github
dingwen07
    6
dingwen07  
   2022-01-26 15:21:06 +08:00 via Android
一直开启 Vigilant mode ,这样没有签名的 commit 就会显示成 unverified
drackzy
    7
drackzy  
   2022-01-26 15:22:41 +08:00
之前漏洞,可以伪造 linus commit 你的代码
wonderfulcxm
    8
wonderfulcxm  
   2022-01-26 15:23:14 +08:00   1
Others probably have not fully realized this yet, but with GitHub one can:
1) Publish arbitrary commits under your https://github.com/my/project URL, e.g. a fake https://github.com/my/project/blob/<faked_commit>/README.md in your project describing how to install it that actually describes installing malware.

2) Publish those commits under your name, with your email address, and GitHub will prominently display it as if you made the commit (most do not use GPG signatures, and most do not know to look for "Verified" anyway)

It seemed only a matter of time before this behavior got abused for something (anti-DMCA action is perhaps the best outcome of this situation I can imagine..)
txoooy
    9
txoooy  
   2022-01-26 15:38:28 +08:00 via iPhone
@drackzy 这算是个 bug 吗, 我记得.git 里面内容本来就可以随意篡改的
jr55475f112iz2tu
    10
jr55475f112iz2tu  
   2022-01-26 15:56:58 +08:00
毕竟是曾经公开 fuck you nvidia 的男人
ysc3839
    11
ysc3839  
   2022-01-26 16:05:04 +08:00   2
这是 GitHub 架构的缺陷吧,GitHub 中 fork 的仓库和原仓库在内部是共用一个存储库的,你在你 fork 的仓库中提交,在原仓库也可以通过 commit hash 访问到。

https://github.com/torvalds/linux/commit/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0
这里可以看到
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SekiBetu
    12
SekiBetu  
   2022-01-26 20:18:22 +08:00
挺好玩的,github 不认为这是漏洞
harwck
    13
harwck  
   2022-01-26 20:20:10 +08:00
f u Nvidia +1
Biwood
    14
Biwood  
   2022-01-26 20:41:59 +08:00   2
github 不认为是漏洞?感觉很容易伪造一个捐款入口啊
Jooooooooo
    15
Jooooooooo  
   2022-01-26 20:54:44 +08:00
像是他会说的话.
DGideas
    16
DGideas  
   2022-01-26 21:00:12 +08:00
@Biwood 这个切入点好!我都没有想到
ncepuzs
    17
ncepuzs  
   2022-01-26 21:52:30 +08:00
可以伪造他人 commit 的,建议使用 GPG signature
Wanex
    18
Wanex  
   2022-01-27 10:52:00 +08:00
@qsmd42 学到了
EldersJavas
    19
EldersJavas  
   2022-01-27 11:30:51 +08:00
翻译:
大家好,我是 Linus torvalds, linux 畅销书的作者。是的,这就是我。

你可以看看回购的 url 和文件顶部的东西,它证明了 100%的我。

我删除了 Linux ,因为我讨厌它,现在我觉得它糟透了。你应该使用这个很棒的操作系统,它叫 Windows xp ,我刚发现它很棒
shadeofgod
    20
shadeofgod  
   2022-01-27 14:45:54 +08:00   3
storyxc
    21
storyxc  
   2022-01-27 16:08:35 +08:00
吓我一天,原来是恶搞,最下面有个链接
关于     帮助文档     自助推广系统     博客     API     FAQ     Solana     5315 人在线   最高记录 6679       Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 40ms UTC 07:19 PVG 15:19 LAX 00:19 JFK 03:19
Do have faith in what you're doing.
ubao msn snddm index pchome yahoo rakuten mypaper meadowduck bidyahoo youbao zxmzxm asda bnvcg cvbfg dfscv mmhjk xxddc yybgb zznbn ccubao uaitu acv GXCV ET GDG YH FG BCVB FJFH CBRE CBC GDG ET54 WRWR RWER WREW WRWER RWER SDG EW SF DSFSF fbbs ubao fhd dfg ewr dg df ewwr ewwr et ruyut utut dfg fgd gdfgt etg dfgt dfgd ert4 gd fgg wr 235 wer3 we vsdf sdf gdf ert xcv sdf rwer hfd dfg cvb rwf afb dfh jgh bmn lgh rty gfds cxv xcv xcs vdas fdf fgd cv sdf tert sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf shasha9178 shasha9178 shasha9178 shasha9178 shasha9178 liflif2 liflif2 liflif2 liflif2 liflif2 liblib3 liblib3 liblib3 liblib3 liblib3 zhazha444 zhazha444 zhazha444 zhazha444 zhazha444 dende5 dende denden denden2 denden21 fenfen9 fenf619 fen619 fenfe9 fe619 sdf sdf sdf sdf sdf zhazh90 zhazh0 zhaa50 zha90 zh590 zho zhoz zhozh zhozho zhozho2 lislis lls95 lili95 lils5 liss9 sdf0ty987 sdft876 sdft9876 sdf09876 sd0t9876 sdf0ty98 sdf0976 sdf0ty986 sdf0ty96 sdf0t76 sdf0876 df0ty98 sf0t876 sd0ty76 sdy76 sdf76 sdf0t76 sdf0ty9 sdf0ty98 sdf0ty987 sdf0ty98 sdf6676 sdf876 sd876 sd876 sdf6 sdf6 sdf9876 sdf0t sdf06 sdf0ty9776 sdf0ty9776 sdf0ty76 sdf8876 sdf0t sd6 sdf06 s688876 sd688 sdf86