当前位置: 首页 > news >正文

实用指南:Hardening fixes lead to hard questions

实用指南:Hardening fixes lead to hard questions

Kees Cook's "hardening fixes" pull request for the 6.16mergewindow looked like a straightforward exercise; it only contained four commits. So just about everybody was surprised when it resulted in Cook being temporarily blocked from his kernel.org account among fears of malicious activity. When the dust settled, though, the red alert was canceled. It turns out, surprisingly, that Git is a tool with which one can inflict substantial self-harm in a moment of inattention.

Kees Cook 提交的针对 6.16 合并窗口的 “hardening fixes”(加固修复)拉取请求看起来是个简单的工作,只包括了四个提交。因此,当这个请求导致 Cook 因疑似恶意行为而被暂时封禁 kernel.org 帐户时,几乎所有人都感到震惊。然而,尘埃落定之后,警报被取消。令人意外的是,Git竟是一种在稍不留神的情况下就可能对自己造成严重伤害的工具。

Linus Torvalds reacted strongly to Cook's pull request after noticing that many of the commits found within it had been modified in strange ways. Git tracks both the author of a commit (the person who wrote the code), and the committer (the person who put that code into the repository). In this case, there were changes that claimed to have been committed by Torvalds, but they were actually rewritten (but unmodified beyond the metadata) versions of his commits with different SHA IDs. Torvalds said: "You seem to have actively maliciously modified your tree completely", implying that some sort of deliberate, underhanded change

http://www.hskmm.com/?act=detail&tid=25535

相关文章:

  • 赛前训练6 状压
  • 排序综合
  • NKOJ全TJ计划——NP11745
  • InfinityFree教程 ——免费搭建属于你的网站
  • 关于调和级数估算前n项的和
  • 10.6 模考 T4(QOJ 1836)
  • 实用指南:【Node.js 深度解析】npm install 遭遇:npm ERR! code CERT_HAS_EXPIRED 错误的终极解决方案
  • 顺序结构
  • Windows漏洞利用技巧:虚拟内存访问陷阱(2025更新)
  • Python编译期优化:隐藏在代码背后的效率魔法
  • 一篇文章带你了解 WGCLOUD运维监控系统的部署与应用
  • 选择结构
  • Python函数默认参数陷阱:可变对象的共享问题深度解析
  • 无需安装的Photoshop:网页版完整使用指南与在线图片编辑技巧
  • 求阶
  • gin 框架 - 教程
  • 赛前训练 5 树形 dp
  • 递推求解逆元
  • 一些做题记录(2025 2-3)
  • 智慧决策的透明化路径:“空白金兰契”架构下的“悟空备案制”研究
  • 笔记:寻找适合自己的简历工具(YAMLResume)
  • 实用指南:Linux 权限管理入门:从基础到实践
  • vue插槽
  • Magnet Axiom 9.6 新增功能概览 - 数字取证与分析
  • Windows 11 24H2 中文版、英文版 (x64、ARM64) 下载 (2025 年 9 月发布)
  • Windows 11 25H2 正式版发布,新增功能简介
  • 无法定时发送
  • 计算能力的重要性:从内存配置到进程迁移的未来展望
  • MongoDB财报超预期,文档数据库技术解析
  • 深入解析:【RabbitMQ】- Channel和Delivery Tag机制