security
打造安卓调试环境
· ☕ 2 min read
修改内核参数 1 2 3 4 5 $ cat device/motorola/berlin/BoardConfig.mk | grep TARGET_KERNEL_CONFIG TARGET_KERNEL_CONFIG += vendor/lineage_berlin.config $ cat device/motorola/sm7325-common/BoardConfigCommon.mk | grep TARGET_KERNEL_CONFIG TARGET_KERNEL_CONFIG := vendor/lahaina-qgki_defconfig vendor/lineage_moto-lahaina.config $ vim /mnt/android/lineage/kernel/motorola/sm7325/arch/arm64/configs/vendor/lineage_berlin.config 手动更新内核(Patch commit) 1 2 3 4 5 $ git remote add linux-stable https://mirrors.bfsu.edu.cn/git/linux-stable.git $ git fetch linux-stable # 查看

hertz path-traversal vulnerability; echo open redirect vulnerability
· ☕ 5 min read
漏洞及修复 先上链接 https://github.com/cloudwego/hertz/issues/228 https://github.com/cloudwego/hertz/pull/229 起因是昨晚睡前看到hertz issue列表有一个默认通过XFF获取ClientIP的漏洞,这很容易被伪造。Issue中