Hello everyone, I’m Xiaobian.
Recently, Linus Torvalds ( the father of Linus ) submitted a mischievous README page in the Linux GitHub repository:
https://ift.tt/f9VeqZD, its remark is called “delete linux because it sucks”
– I removed Linux because it was crap.
Hello everyone, I’m linus torvalds ( the father of Linus ), the author of the smash hit linux. You can look at the repo’s url and the name at the top of the file, which proves that I am committing.
I removed linux because I hate it and I think it sucks. You should go for this awesome operating system, it’s called windows xp, I just found out it’s really awesome.
Why do you say it’s a prank? Because the source code of Linux has not been deleted, and some careful netizens found that there is a link at the bottom of the README:
This link points to a thread on the Hacker News hacking forum detailing an existing “fake commit” vulnerability in GitHub: available at
https://ift.tt/g8yeEfP
Publish any commit under the URL.
e.g. with
https://ift.tt/nYldOrs
This kind of URL can publish a fake README page. This fake submission will not appear in the project’s submission record, nor does it belong to any branch, and can only be seen by visiting a specific URL. And Linus’s prank README file exploits this false submission vulnerability. Take a look at the URL of this README:
If it is a normal commit, the URL should have the word commit , for example:
Aside from the URL, the README file doesn’t appear in the commit log either:
It can be seen that Linus was just joking, not really deleting the library and running away.
If you are interested in this vulnerability, check out the original Hacker News post, this fake commit vulnerability is combined with another GitHub “impersonation user via git email address”
Vulnerability:
https://ift.tt/62huoYs
Can create fake phishing pages.
for example
https://ift.tt/uaC9HN7
This repository, it seems that Linus himself participated in the construction of this repository:
However, this is just by replacing the email address vulnerability, replacing slimsag with torvalds.
On the left is the torvalds that replaced the email address through the loophole, and on the right is the normal one. After careful observation and comparison, it can be found that the torvalds replaced by the blind method do not display the activity record.
These GitHub bugs were all made public in 2020, but the author of the bug said that “GitHub doesn’t treat these issues as bugs at all”, I don’t know if GitHub can’t handle it, or think it’s unnecessary, anyway, they can still be exploited until now.
The text and pictures in this article are from the architect’s column
This article is reprinted from https://www.techug.com/post/linus-father-i-deleted-linux-because-it-was-garbage/
This site is for inclusion only, and the copyright belongs to the original author.