⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 00000010.htm

📁 一份很好的linux入门资料
💻 HTM
字号:
🔍 
<HTML><HEAD>  <TITLE>BBS水木清华站∶精华区</TITLE></HEAD><BODY><CENTER><H1>BBS水木清华站∶精华区</H1></CENTER>发信人:&nbsp;lenx&nbsp;(冷·枫),&nbsp;信区:&nbsp;Linux&nbsp;<BR>标&nbsp;&nbsp;题:&nbsp;[安全]&nbsp;Non-executable&nbsp;user&nbsp;stack&nbsp;and&nbsp;symlink&nbsp;fix&nbsp;<BR>发信站:&nbsp;BBS&nbsp;水木清华站&nbsp;(Mon&nbsp;Nov&nbsp;24&nbsp;22:01:15&nbsp;1997)&nbsp;<BR>&nbsp;<BR>Linux目前安全的最佳方案,&nbsp;对stack&nbsp;overflow和symlink的攻击都有了相当好的防范&nbsp;<BR>&nbsp;<BR><A HREF="ftp://ftp.sepc.ac.cn/pub/linux/collect/system/kernel/linux-stack-symlink.tgz">ftp://ftp.sepc.ac.cn/pub/linux/collect/system/kernel/linux-stack-symlink.tgz</A>&nbsp;<BR>&nbsp;<BR>(sepc只对166.111/159.226/162.105开放)&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;Non-executable&nbsp;user&nbsp;stack&nbsp;area&nbsp;and&nbsp;symlink&nbsp;fix&nbsp;--&nbsp;Linux&nbsp;kernel&nbsp;patch&nbsp;<BR>&nbsp;&nbsp;&nbsp;----------------------------------------------------------------------&nbsp;<BR>&nbsp;<BR>==========&nbsp;<BR>&nbsp;Overview&nbsp;<BR>==========&nbsp;<BR>&nbsp;<BR>This&nbsp;patch&nbsp;is&nbsp;intended&nbsp;to&nbsp;add&nbsp;protection&nbsp;against&nbsp;two&nbsp;classes&nbsp;of&nbsp;security&nbsp;<BR>holes:&nbsp;buffer&nbsp;overflows&nbsp;and&nbsp;symlinks&nbsp;in&nbsp;/tmp.&nbsp;<BR>&nbsp;<BR>Most&nbsp;buffer&nbsp;overflow&nbsp;exploits&nbsp;are&nbsp;based&nbsp;on&nbsp;overwriting&nbsp;a&nbsp;function's&nbsp;return&nbsp;<BR>address&nbsp;on&nbsp;the&nbsp;stack&nbsp;to&nbsp;point&nbsp;to&nbsp;some&nbsp;arbitrary&nbsp;code,&nbsp;which&nbsp;is&nbsp;also&nbsp;put&nbsp;<BR>onto&nbsp;the&nbsp;stack.&nbsp;If&nbsp;the&nbsp;stack&nbsp;area&nbsp;is&nbsp;non-executable,&nbsp;buffer&nbsp;overflow&nbsp;<BR>vulnerabilities&nbsp;become&nbsp;harder&nbsp;to&nbsp;exploit.&nbsp;<BR>&nbsp;<BR>Another&nbsp;way&nbsp;to&nbsp;exploit&nbsp;a&nbsp;buffer&nbsp;overflow&nbsp;is&nbsp;to&nbsp;point&nbsp;the&nbsp;return&nbsp;address&nbsp;to&nbsp;<BR>a&nbsp;function&nbsp;in&nbsp;libc,&nbsp;usually&nbsp;system().&nbsp;This&nbsp;patch&nbsp;also&nbsp;changes&nbsp;the&nbsp;default&nbsp;<BR>address&nbsp;that&nbsp;shared&nbsp;libraries&nbsp;are&nbsp;mmap()ed&nbsp;at&nbsp;to&nbsp;make&nbsp;it&nbsp;always&nbsp;contain&nbsp;a&nbsp;<BR>zero&nbsp;byte.&nbsp;This&nbsp;makes&nbsp;it&nbsp;impossible&nbsp;to&nbsp;specify&nbsp;any&nbsp;more&nbsp;data&nbsp;(parameters&nbsp;<BR>to&nbsp;the&nbsp;function,&nbsp;or&nbsp;more&nbsp;copies&nbsp;of&nbsp;the&nbsp;return&nbsp;address&nbsp;when&nbsp;filling&nbsp;with&nbsp;a&nbsp;<BR>pattern)&nbsp;in&nbsp;an&nbsp;exploit&nbsp;that&nbsp;has&nbsp;to&nbsp;do&nbsp;with&nbsp;ASCIIZ&nbsp;strings&nbsp;(this&nbsp;is&nbsp;the&nbsp;<BR>case&nbsp;for&nbsp;most&nbsp;overflow&nbsp;vulnerabilities).&nbsp;<BR>&nbsp;<BR>However,&nbsp;note&nbsp;that&nbsp;this&nbsp;patch&nbsp;is&nbsp;by&nbsp;no&nbsp;means&nbsp;a&nbsp;complete&nbsp;solution,&nbsp;it&nbsp;just&nbsp;<BR>adds&nbsp;an&nbsp;extra&nbsp;layer&nbsp;of&nbsp;security.&nbsp;Some&nbsp;buffer&nbsp;overflow&nbsp;vulnerabilities&nbsp;will&nbsp;<BR>still&nbsp;remain&nbsp;exploitable&nbsp;a&nbsp;more&nbsp;complicated&nbsp;way.&nbsp;The&nbsp;reason&nbsp;for&nbsp;using&nbsp;such&nbsp;<BR>a&nbsp;patch&nbsp;is&nbsp;to&nbsp;protect&nbsp;against&nbsp;some&nbsp;of&nbsp;the&nbsp;buffer&nbsp;overflow&nbsp;vulnerabilities&nbsp;<BR>that&nbsp;are&nbsp;yet&nbsp;unknown.&nbsp;<BR>&nbsp;<BR>In&nbsp;this&nbsp;version&nbsp;of&nbsp;my&nbsp;patch&nbsp;I&nbsp;also&nbsp;added&nbsp;a&nbsp;symlink&nbsp;security&nbsp;fix,&nbsp;originally&nbsp;<BR>by&nbsp;Andrew&nbsp;Tridgell.&nbsp;I&nbsp;changed&nbsp;it&nbsp;to&nbsp;prevent&nbsp;from&nbsp;using&nbsp;hard&nbsp;links&nbsp;too,&nbsp;by&nbsp;<BR>simply&nbsp;not&nbsp;allowing&nbsp;non-root&nbsp;users&nbsp;to&nbsp;create&nbsp;hard&nbsp;links&nbsp;to&nbsp;files&nbsp;they&nbsp;don't&nbsp;<BR>own,&nbsp;in&nbsp;+t&nbsp;directories.&nbsp;This&nbsp;seems&nbsp;to&nbsp;be&nbsp;the&nbsp;desired&nbsp;behavior&nbsp;anyway,&nbsp;since&nbsp;<BR>otherwise&nbsp;users&nbsp;couldn't&nbsp;remove&nbsp;such&nbsp;links&nbsp;they&nbsp;just&nbsp;created.&nbsp;I&nbsp;also&nbsp;added&nbsp;<BR>exploit&nbsp;attempt&nbsp;logging,&nbsp;this&nbsp;code&nbsp;is&nbsp;shared&nbsp;with&nbsp;the&nbsp;non-executable&nbsp;stack&nbsp;<BR>stuff,&nbsp;and&nbsp;was&nbsp;the&nbsp;reason&nbsp;to&nbsp;make&nbsp;it&nbsp;a&nbsp;single&nbsp;patch&nbsp;instead&nbsp;of&nbsp;two&nbsp;separate&nbsp;<BR>ones.&nbsp;You&nbsp;can&nbsp;enable&nbsp;them&nbsp;separately&nbsp;anyway.&nbsp;<BR>&nbsp;<BR>================&nbsp;<BR>&nbsp;How&nbsp;to&nbsp;install&nbsp;<BR>================&nbsp;<BR>&nbsp;<BR>Apply&nbsp;the&nbsp;patch.&nbsp;Enable&nbsp;prompting&nbsp;for&nbsp;experimental&nbsp;code&nbsp;in&nbsp;your&nbsp;kernel&nbsp;<BR>configuration,&nbsp;enable&nbsp;the&nbsp;patch&nbsp;itself&nbsp;(in&nbsp;General&nbsp;setup&nbsp;section).&nbsp;Read&nbsp;<BR>help&nbsp;for&nbsp;the&nbsp;suboptions,&nbsp;and&nbsp;configure&nbsp;them.&nbsp;Also,&nbsp;enable&nbsp;the&nbsp;symlink&nbsp;fix&nbsp;<BR>(in&nbsp;Filesystems&nbsp;section).&nbsp;Build&nbsp;the&nbsp;kernel&nbsp;and&nbsp;reboot.&nbsp;<BR>&nbsp;<BR>You&nbsp;may&nbsp;also&nbsp;want&nbsp;to&nbsp;add&nbsp;the&nbsp;following&nbsp;line&nbsp;to&nbsp;your&nbsp;/etc/syslog.conf&nbsp;to&nbsp;<BR>log&nbsp;[security]&nbsp;alerts&nbsp;separately:&nbsp;<BR>&nbsp;<BR>kern.alert&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/var/log/alert&nbsp;<BR>&nbsp;<BR>Additionally,&nbsp;you&nbsp;may&nbsp;do&nbsp;something&nbsp;like&nbsp;this&nbsp;(assuming&nbsp;the&nbsp;log&nbsp;file&nbsp;will&nbsp;<BR>be&nbsp;empty&nbsp;most&nbsp;of&nbsp;the&nbsp;time):&nbsp;<BR>&nbsp;<BR>><I>&nbsp;/var/log/alert&nbsp;</I><BR>chown&nbsp;root.staff&nbsp;/var/log/alert&nbsp;<BR>chmod&nbsp;640&nbsp;/var/log/alert&nbsp;<BR>echo&nbsp;&quot;more&nbsp;/var/log/alert&quot;&nbsp;&gt;&gt;&nbsp;~your_usual_non-root_account/.bash_profile&nbsp;<BR>chattr&nbsp;+a&nbsp;/var/log/alert&nbsp;<BR>&nbsp;<BR>[&nbsp;The&nbsp;last&nbsp;command&nbsp;doesn't&nbsp;do&nbsp;much&nbsp;--&nbsp;there're&nbsp;too&nbsp;many&nbsp;ways&nbsp;to&nbsp;get&nbsp;around&nbsp;<BR>securelevel&nbsp;in&nbsp;Linux&nbsp;right&nbsp;now:&nbsp;loading&nbsp;a&nbsp;kernel&nbsp;module,&nbsp;writing&nbsp;to&nbsp;the&nbsp;<BR>hard&nbsp;disk&nbsp;device,&nbsp;using&nbsp;iopl()&nbsp;and&nbsp;writing&nbsp;to&nbsp;the&nbsp;hard&nbsp;disk&nbsp;via&nbsp;ports...&nbsp;<BR>This&nbsp;can't&nbsp;be&nbsp;done&nbsp;over&nbsp;NFS&nbsp;however...&nbsp;]&nbsp;<BR>&nbsp;<BR>Ensure&nbsp;that&nbsp;the&nbsp;patch&nbsp;is&nbsp;working&nbsp;correctly,&nbsp;use&nbsp;stacktest.c&nbsp;for&nbsp;that&nbsp;--&nbsp;<BR>running&nbsp;'./stacktest&nbsp;-e'&nbsp;should&nbsp;segfault,&nbsp;and&nbsp;a&nbsp;message&nbsp;about&nbsp;possible&nbsp;<BR>buffer&nbsp;overflow&nbsp;exploit&nbsp;attempt&nbsp;should&nbsp;get&nbsp;logged&nbsp;to&nbsp;/var/log/alert&nbsp;(with&nbsp;<BR>syslogd&nbsp;configuration&nbsp;described&nbsp;above,&nbsp;and&nbsp;if&nbsp;you&nbsp;have&nbsp;logging&nbsp;enabled).&nbsp;<BR>If&nbsp;you&nbsp;enabled&nbsp;GCC&nbsp;trampolines&nbsp;autodetection,&nbsp;try&nbsp;running&nbsp;'./stacktest&nbsp;-t',&nbsp;<BR>it&nbsp;should&nbsp;succeed.&nbsp;<BR>&nbsp;<BR>Also,&nbsp;check&nbsp;the&nbsp;address&nbsp;libc&nbsp;is&nbsp;mmap()ed&nbsp;at,&nbsp;its&nbsp;MSB&nbsp;should&nbsp;be&nbsp;zero&nbsp;instead&nbsp;<BR>of&nbsp;0x40&nbsp;like&nbsp;it&nbsp;was&nbsp;before.&nbsp;Use&nbsp;a&nbsp;command&nbsp;like&nbsp;this:&nbsp;<BR>&nbsp;<BR>strace&nbsp;/bin/ls&nbsp;2&gt;&amp;1&nbsp;|&nbsp;grep&nbsp;mmap\[^\|\]\*\|PROT_EXEC&nbsp;|&nbsp;sed&nbsp;s/\[^=\]\*=//&nbsp;<BR>&nbsp;<BR>If&nbsp;you&nbsp;enabled&nbsp;the&nbsp;symlink&nbsp;fix&nbsp;you&nbsp;can&nbsp;also&nbsp;try&nbsp;to&nbsp;create&nbsp;a&nbsp;symlink&nbsp;in&nbsp;/tmp&nbsp;<BR>(as&nbsp;a&nbsp;non-root&nbsp;user)&nbsp;pointing&nbsp;to&nbsp;a&nbsp;file&nbsp;that&nbsp;user&nbsp;has&nbsp;no&nbsp;read&nbsp;access&nbsp;to,&nbsp;<BR>then&nbsp;switch&nbsp;to&nbsp;some&nbsp;other&nbsp;user&nbsp;that&nbsp;has&nbsp;the&nbsp;read&nbsp;access&nbsp;(for&nbsp;example,&nbsp;root)&nbsp;<BR>and&nbsp;try&nbsp;to&nbsp;read&nbsp;the&nbsp;file&nbsp;via&nbsp;the&nbsp;link&nbsp;(like,&nbsp;cat&nbsp;/tmp/link).&nbsp;This&nbsp;should&nbsp;<BR>fail,&nbsp;and&nbsp;a&nbsp;message&nbsp;should&nbsp;get&nbsp;logged&nbsp;(if&nbsp;enabled).&nbsp;Everything&nbsp;is&nbsp;similar&nbsp;<BR>for&nbsp;write&nbsp;access,&nbsp;and&nbsp;for&nbsp;symlinks&nbsp;to&nbsp;files&nbsp;that&nbsp;don't&nbsp;exist.&nbsp;Now,&nbsp;you&nbsp;can&nbsp;<BR>try&nbsp;to&nbsp;create&nbsp;a&nbsp;hard&nbsp;link&nbsp;in&nbsp;/tmp&nbsp;as&nbsp;a&nbsp;non-root&nbsp;user&nbsp;to&nbsp;a&nbsp;file&nbsp;that&nbsp;user&nbsp;<BR>doesn't&nbsp;own.&nbsp;This&nbsp;should&nbsp;also&nbsp;fail.&nbsp;<BR>&nbsp;<BR>========&nbsp;<BR>&nbsp;F.A.Q.&nbsp;<BR>========&nbsp;<BR>&nbsp;<BR>Q:&nbsp;Will&nbsp;GCC-compiled&nbsp;programs&nbsp;that&nbsp;use&nbsp;trampolines&nbsp;work&nbsp;with&nbsp;the&nbsp;patch?&nbsp;<BR>A:&nbsp;Yes,&nbsp;read&nbsp;help&nbsp;for&nbsp;the&nbsp;'Autodetect&nbsp;GCC&nbsp;trampolines'&nbsp;configuration&nbsp;option.&nbsp;<BR>&nbsp;<BR>Q:&nbsp;How&nbsp;do&nbsp;you&nbsp;differ&nbsp;a&nbsp;trampoline&nbsp;call&nbsp;from&nbsp;an&nbsp;exploit&nbsp;attempt?&nbsp;<BR>A:&nbsp;Since&nbsp;most&nbsp;buffer&nbsp;overflow&nbsp;exploits&nbsp;overwrite&nbsp;the&nbsp;return&nbsp;address,&nbsp;the&nbsp;<BR>instruction&nbsp;to&nbsp;pass&nbsp;control&nbsp;to&nbsp;the&nbsp;stack&nbsp;has&nbsp;to&nbsp;be&nbsp;a&nbsp;RET.&nbsp;With&nbsp;trampoline&nbsp;<BR>calls&nbsp;the&nbsp;instruction&nbsp;is&nbsp;a&nbsp;CALL.&nbsp;However,&nbsp;in&nbsp;some&nbsp;cases&nbsp;such&nbsp;trampoline&nbsp;<BR>autodetection&nbsp;can&nbsp;be&nbsp;fooled&nbsp;by&nbsp;RET'ing&nbsp;to&nbsp;a&nbsp;CALL&nbsp;instruction&nbsp;and&nbsp;making&nbsp;<BR>this&nbsp;CALL&nbsp;pass&nbsp;control&nbsp;onto&nbsp;the&nbsp;stack&nbsp;(in&nbsp;reality,&nbsp;this&nbsp;also&nbsp;requires&nbsp;a&nbsp;<BR>register&nbsp;to&nbsp;be&nbsp;set&nbsp;to&nbsp;the&nbsp;address).&nbsp;Again,&nbsp;read&nbsp;help&nbsp;for&nbsp;the&nbsp;'Autodetect&nbsp;<BR>GCC&nbsp;trampolines'&nbsp;configuration&nbsp;option.&nbsp;<BR>&nbsp;<BR>Q:&nbsp;What&nbsp;is&nbsp;chstk.c&nbsp;for?&nbsp;<BR>A:&nbsp;The&nbsp;patch&nbsp;adds&nbsp;an&nbsp;extra&nbsp;flag&nbsp;to&nbsp;ELF&nbsp;and&nbsp;a.out&nbsp;headers,&nbsp;which&nbsp;controls&nbsp;<BR>whether&nbsp;the&nbsp;program&nbsp;will&nbsp;be&nbsp;allowed&nbsp;to&nbsp;execute&nbsp;code&nbsp;on&nbsp;the&nbsp;stack&nbsp;or&nbsp;not,&nbsp;<BR>and&nbsp;chstk.c&nbsp;is&nbsp;what&nbsp;you&nbsp;should&nbsp;use&nbsp;to&nbsp;manage&nbsp;the&nbsp;flag.&nbsp;You&nbsp;might&nbsp;find&nbsp;it&nbsp;<BR>useful&nbsp;if&nbsp;you&nbsp;choose&nbsp;to&nbsp;disable&nbsp;the&nbsp;GCC&nbsp;trampolines&nbsp;autodetection.&nbsp;BTW,&nbsp;<BR>setting&nbsp;the&nbsp;flag&nbsp;also&nbsp;restores&nbsp;the&nbsp;original&nbsp;address&nbsp;shared&nbsp;libraries&nbsp;are&nbsp;<BR>mmap()ed&nbsp;at,&nbsp;just&nbsp;in&nbsp;case&nbsp;some&nbsp;program&nbsp;depends&nbsp;on&nbsp;that.&nbsp;<BR>&nbsp;<BR>Q:&nbsp;Why&nbsp;did&nbsp;you&nbsp;modify&nbsp;signal&nbsp;handler&nbsp;return&nbsp;code?&nbsp;<BR>A:&nbsp;Originally&nbsp;the&nbsp;kernel&nbsp;put&nbsp;some&nbsp;code&nbsp;onto&nbsp;the&nbsp;stack&nbsp;to&nbsp;return&nbsp;from&nbsp;signal&nbsp;<BR>handlers.&nbsp;Now&nbsp;signal&nbsp;handler&nbsp;returns&nbsp;are&nbsp;done&nbsp;via&nbsp;the&nbsp;GPF&nbsp;handler&nbsp;instead&nbsp;<BR>(an&nbsp;invalid&nbsp;magic&nbsp;return&nbsp;address&nbsp;is&nbsp;put&nbsp;on&nbsp;the&nbsp;stack).&nbsp;<BR>&nbsp;<BR>Q:&nbsp;What&nbsp;to&nbsp;do&nbsp;if&nbsp;a&nbsp;program&nbsp;needs&nbsp;to&nbsp;follow&nbsp;a&nbsp;symlink&nbsp;in&nbsp;a&nbsp;+t&nbsp;directory&nbsp;for&nbsp;<BR>its&nbsp;normal&nbsp;operation&nbsp;(without&nbsp;introducing&nbsp;a&nbsp;security&nbsp;hole)?&nbsp;<BR>A:&nbsp;Usually&nbsp;such&nbsp;a&nbsp;link&nbsp;needs&nbsp;to&nbsp;be&nbsp;created&nbsp;only&nbsp;once,&nbsp;so&nbsp;create&nbsp;it&nbsp;as&nbsp;root.&nbsp;<BR>Such&nbsp;links&nbsp;are&nbsp;followed&nbsp;even&nbsp;when&nbsp;the&nbsp;patch&nbsp;is&nbsp;enabled.&nbsp;<BR>&nbsp;<BR>Q:&nbsp;What&nbsp;will&nbsp;happen&nbsp;if&nbsp;someone&nbsp;does:&nbsp;<BR>ln&nbsp;-s&nbsp;/etc/passwd&nbsp;~/link&nbsp;<BR>ln&nbsp;-s&nbsp;~/link&nbsp;/tmp/link&nbsp;<BR>and&nbsp;the&nbsp;vulnerable&nbsp;program&nbsp;runs&nbsp;as&nbsp;root&nbsp;and&nbsp;writes&nbsp;to&nbsp;/tmp/link?&nbsp;<BR>A:&nbsp;The&nbsp;patch&nbsp;is&nbsp;not&nbsp;looking&nbsp;at&nbsp;the&nbsp;target&nbsp;of&nbsp;the&nbsp;symlink&nbsp;in&nbsp;/tmp,&nbsp;it&nbsp;only&nbsp;<BR>checks&nbsp;if&nbsp;the&nbsp;symlink&nbsp;itself&nbsp;is&nbsp;owned&nbsp;by&nbsp;the&nbsp;user&nbsp;that&nbsp;vulnerable&nbsp;program&nbsp;<BR>is&nbsp;running&nbsp;as,&nbsp;and&nbsp;doesn't&nbsp;follow&nbsp;the&nbsp;link&nbsp;if&nbsp;not&nbsp;(like&nbsp;in&nbsp;this&nbsp;example).&nbsp;<BR>&nbsp;<BR>Q:&nbsp;Is&nbsp;there&nbsp;some&nbsp;performance&nbsp;impact&nbsp;of&nbsp;using&nbsp;the&nbsp;patch?&nbsp;<BR>A:&nbsp;Well,&nbsp;the&nbsp;only&nbsp;thing&nbsp;affected&nbsp;is&nbsp;singal&nbsp;handler&nbsp;returns.&nbsp;I&nbsp;didn't&nbsp;want&nbsp;<BR>to&nbsp;modify&nbsp;the&nbsp;sigreturn&nbsp;syscall,&nbsp;so&nbsp;there&nbsp;is&nbsp;some&nbsp;extra&nbsp;code&nbsp;to&nbsp;setup&nbsp;its&nbsp;<BR>stack&nbsp;frame.&nbsp;I&nbsp;don't&nbsp;think&nbsp;this&nbsp;has&nbsp;a&nbsp;noticable&nbsp;effect&nbsp;on&nbsp;the&nbsp;performance:&nbsp;<BR>saved&nbsp;context&nbsp;checks&nbsp;and&nbsp;other&nbsp;signal&nbsp;handling&nbsp;stuff&nbsp;are&nbsp;taking&nbsp;much&nbsp;more&nbsp;<BR>time.&nbsp;Also,&nbsp;executing&nbsp;code&nbsp;on&nbsp;the&nbsp;stack&nbsp;was&nbsp;not&nbsp;fast&nbsp;anyway.&nbsp;<BR>&nbsp;<BR>Signed,&nbsp;<BR>Solar&nbsp;Designer&nbsp;&lt;<A HREF="mailto:solar@false.com>">solar@false.com></A>&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>--&nbsp;<BR>※&nbsp;来源:·BBS&nbsp;水木清华站&nbsp;bbs.net.tsinghua.edu.cn·[FROM:&nbsp;162.105.118.33]&nbsp;<BR><CENTER><H1>BBS水木清华站∶精华区</H1></CENTER></BODY></HTML>

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -