[U] Update channel content
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="zh-cn">
|
||||
<id>https://aza.moe/life</id>
|
||||
<title>小桂桂的回忆录 📒</title>
|
||||
<updated>2026-01-09T02:54:38.046005+00:00</updated>
|
||||
<updated>2026-01-09T04:35:12.952300+00:00</updated>
|
||||
<link href="https://aza.moe/life" rel="alternate"/>
|
||||
<generator uri="https://lkiesow.github.io/python-feedgen" version="0.9.0">python-feedgen</generator>
|
||||
<logo>https://aza.moe/meru_256px.png</logo>
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -72903,14 +72903,14 @@
|
||||
"id": 5277,
|
||||
"date": "2025-04-26T15:39:57",
|
||||
"text": "<a href=\"https://t.me/kxxtchannel/962\">https://t.me/kxxtchannel/962</a>\n\nClash Verge 的提权漏洞好抽象... 有一个本地 http 接口用来启动 clash,但是发请求的人可以指定 clash 程序路径,然后它不检查程序签名也不检查请求来源直接跑,还是用 root 权限跑 <i class=\"custom-emoji\" emoji-src=\"emoji/6320856404055820121.webp\">😨</i>\n\n鉴定为后门",
|
||||
"views": 1886,
|
||||
"views": 1887,
|
||||
"forwards": 52
|
||||
},
|
||||
{
|
||||
"id": 5278,
|
||||
"date": "2025-04-26T16:48:46",
|
||||
"text": "溯源一下发现这个漏洞是在 clash-verge-service 代码中出现的,从那个删库的原作者 zzzgydi 2022 年的<a href=\"https://github.com/zzzgydi/clash-verge-service/blob/42b42d47c82469f1a5d37c463dd89aaf41ac911c/src/service/web.rs#L58\">第一个提交</a>开始到现在都一直存在...",
|
||||
"views": 1175,
|
||||
"views": 1176,
|
||||
"forwards": 11,
|
||||
"reply": {
|
||||
"id": 5277,
|
||||
@@ -73066,7 +73066,7 @@
|
||||
"id": 5288,
|
||||
"date": "2025-04-28T20:26:59",
|
||||
"text": "后续:clash verge rev 的开发者给 macOS <a href=\"https://github.com/clash-verge-rev/clash-verge-service/commit/06b522d2ccf37bdbc00e59687cc701c946166afe\">添加了可执行程序签名验证</a>,然而这个签名验证并没有用(笑)\n\n因为它甚至没有解析 codesign 输出... 直接验证了 codesign 输出有没有包含特定的字符串,所以黑客只要自己签一个恶意 bin 把它检测的字符串全都堆到 identifier 里就可以绕过检测拿到 root 了 <i class=\"custom-emoji\" emoji-src=\"emoji/6170075684434610033.webm\">⌨</i>\n\n(PoC 原图放这里了: <a href=\"https://github.com/clash-verge-rev/clash-verge-service/issues/9\">clash-verge-service#9</a>)\n\n安全检查能写成这样也太草台了,而且这个注释看起来像是 AI 生成的一样... 希望大家都不要用这样的软件",
|
||||
"views": 6402,
|
||||
"views": 6403,
|
||||
"forwards": 150,
|
||||
"media_group_id": 13966976157341773,
|
||||
"images": [
|
||||
@@ -102196,7 +102196,7 @@
|
||||
"id": 7622,
|
||||
"date": "2025-12-31T23:00:35",
|
||||
"text": "锂电池烟花好好看,<del>想点</del>\n\n(源视频连接:<a href=\"https://www.youtube.com/watch?v=Mkgo_CLVbzg\"><em>Ignoring All Lithium Battery Safety Warnings.. For Science!</a></em>)",
|
||||
"views": 239,
|
||||
"views": 240,
|
||||
"forwards": 2,
|
||||
"files": [
|
||||
{
|
||||
@@ -102725,7 +102725,7 @@
|
||||
"id": 7670,
|
||||
"date": "2026-01-04T22:06:51",
|
||||
"text": "去玩了小游戏「<a href=\"https://thiori.itch.io/deep-fry\">Deep Fry</a>」(递归天妇罗?)好可爱好生草\n\n游戏全流程只有十五分钟,大家也可以去玩玩 qwq",
|
||||
"views": 298,
|
||||
"views": 302,
|
||||
"forwards": 7,
|
||||
"images": [
|
||||
{
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
<link>https://aza.moe/life</link>
|
||||
</image>
|
||||
<language>zh-cn</language>
|
||||
<lastBuildDate>Fri, 09 Jan 2026 02:54:38 +0000</lastBuildDate>
|
||||
<lastBuildDate>Fri, 09 Jan 2026 04:35:12 +0000</lastBuildDate>
|
||||
<item>
|
||||
<title>小桂桂的回忆录 📒 #7674</title>
|
||||
<link>https://aza.moe/life?post=7674</link>
|
||||
|
||||
Reference in New Issue
Block a user