https://github.com/torvalds/linux/tree/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0
hey guys its me linus torvalds, author of the smash hit linux. yes its me you can look at the url of the repo and the thingy at the top of the files it proves its 100% me.
i deleted linux because i hate it now i think it sucks. you should go use this awesome os its called windows xp i just discovered it its great
1
zhangxs1989 2022-01-26 15:14:07 +08:00
阴阳怪气是吧
|
2
qsmd42 2022-01-26 15:16:37 +08:00 4
底下不是有个链接吗 点进去看是如何利用 github 漏洞进行恶作剧
|
3
learningman 2022-01-26 15:17:05 +08:00
底下的链接写了,是一次展示伪造 commit 的行为艺术
|
4
lnanddj OP @learningman 哈哈哈哈啊哈 果然是,没注意到
|
5
imzcg2 2022-01-26 15:20:33 +08:00 via Android
linus ,虽然创造了 git ,但好像一直都讨厌 github
|
6
dingwen07 2022-01-26 15:21:06 +08:00 via Android
一直开启 Vigilant mode ,这样没有签名的 commit 就会显示成 unverified
|
7
drackzy 2022-01-26 15:22:41 +08:00
之前漏洞,可以伪造 linus commit 你的代码
|
8
wonderfulcxm 2022-01-26 15:23:14 +08:00 1
Others probably have not fully realized this yet, but with GitHub one can:
1) Publish arbitrary commits under your https://github.com/my/project URL, e.g. a fake https://github.com/my/project/blob/<faked_commit>/README.md in your project describing how to install it that actually describes installing malware. 2) Publish those commits under your name, with your email address, and GitHub will prominently display it as if you made the commit (most do not use GPG signatures, and most do not know to look for "Verified" anyway) It seemed only a matter of time before this behavior got abused for something (anti-DMCA action is perhaps the best outcome of this situation I can imagine..) |
10
czfy 2022-01-26 15:56:58 +08:00
毕竟是曾经公开 fuck you nvidia 的男人
|
11
ysc3839 2022-01-26 16:05:04 +08:00 2
这是 GitHub 架构的缺陷吧,GitHub 中 fork 的仓库和原仓库在内部是共用一个存储库的,你在你 fork 的仓库中提交,在原仓库也可以通过 commit hash 访问到。
https://github.com/torvalds/linux/commit/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0 这里可以看到 This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. |
12
SekiBetu 2022-01-26 20:18:22 +08:00
挺好玩的,github 不认为这是漏洞
|
13
harwck 2022-01-26 20:20:10 +08:00
f u Nvidia +1
|
14
Biwood 2022-01-26 20:41:59 +08:00 2
github 不认为是漏洞?感觉很容易伪造一个捐款入口啊
|
15
Jooooooooo 2022-01-26 20:54:44 +08:00
像是他会说的话.
|
17
ncepuzs 2022-01-26 21:52:30 +08:00
可以伪造他人 commit 的,建议使用 GPG signature
|
19
EldersJavas 2022-01-27 11:30:51 +08:00
翻译:
大家好,我是 Linus torvalds, linux 畅销书的作者。是的,这就是我。 你可以看看回购的 url 和文件顶部的东西,它证明了 100%的我。 我删除了 Linux ,因为我讨厌它,现在我觉得它糟透了。你应该使用这个很棒的操作系统,它叫 Windows xp ,我刚发现它很棒 |
20
shadeofgod 2022-01-27 14:45:54 +08:00 3
|
21
storyxc 2022-01-27 16:08:35 +08:00
吓我一天,原来是恶搞,最下面有个链接
|