Old Miraheze Wiki Pages:KB848249: Difference between revisions

From The LI AO Wiki
Save changes.
m 12 revisions imported: Import the dump of the "LI AO's Wiki (Miraheze)" wiki.
 
(5 intermediate revisions by one other user not shown)
Line 15: Line 15:
== Solution ==
== Solution ==
Li Ao does not recommend to modify the source code of the packages to build custom packages for production use. Instead, he recommends using the packages from Project V, an open-source project producing network proxy tools with obfuscation functionalities. The following packages are recommended:
Li Ao does not recommend to modify the source code of the packages to build custom packages for production use. Instead, he recommends using the packages from Project V, an open-source project producing network proxy tools with obfuscation functionalities. The following packages are recommended:
!--v2ray-core
 
!--v2ray-example
--v2ray-core<br />
!--v2ray-extra
--v2ray-example<br />
--v2ray-extra
 
=== Alternative Options ===


For Shadowsocks configurations, users can consider using the following packages as they do not have rogue behaviours:
For Shadowsocks configurations, users can consider using the following packages as they do not have rogue behaviours:
!--shadowsocks-libev-config
 
!--shadowsocks-libev-ss-local
--shadowsocks-libev-config<br />
!--shadowsocks-libev-ss-redir
--shadowsocks-libev-ss-local<br />
!--shadowsocks-libev-ss-tunnel
--shadowsocks-libev-ss-redir<br />
!--luci-app-shadowsocks-libev
--shadowsocks-libev-ss-tunnel<br />
--luci-app-shadowsocks-libev
 
Users can also choose to install geolocation data supplied by these packages:
Users can also choose to install geolocation data supplied by these packages:
!--shadowsocks-libev-ss-rules
 
--shadowsocks-libev-ss-rules
== More Information ==
== More Information ==
System administrators in enterprises considering applying new software packages on their systems are advised to check with publisher information as a precaution measure against rogue behaviours and viruses, or to avoid spyware.
System administrators in enterprises considering applying new software packages on their systems are advised to check with publisher information as a precaution measure against rogue behaviours and viruses, or to avoid spyware.
__INDEX__
__INDEX__

Latest revision as of 18:14, 28 September 2024


Introduction

Li Ao downloaded an OpenWrt software package named "v2raya" and "luci-app-v2raya". As he sought information about the usage of this software, and was tring to activate the Web management console, he noticed unsoliticitly behaviour which may indicates automated file downloading. He later confirmed that this package has the ability of not only triggering automated downloads from Internet locations, but changing router configuration automatically, with information given by a YouTube video.

He confirmethat this software package has rogue behaviours which may cause damages to proper configuration, and may result in insultion to users.

Symptoms

Li Ao downloaded the packages named "v2raya" and "luci-app-v2raya" from the OpenWrt software package repository. As he was going to look on the user interface to learn the design concepts in order to know the usage, he noticed that its Web interface indicated a message telling some missing files were downloading. He later confirmed the guess of rogue software is true, with a YouTube video showing the behaviour of the software.

As confirmed on information of the GitHub repository, the software will not only download from GitHub missing components, but will also apply routing configurations without the user's consent. As it connects to the added v2Ray servers, a fixed rule which will result in traffic leaking for routers without a default routing perference but with certain types of custom configurations.

He did neither review the complete source code nor the actual machine code executions before confirming the software has rogue features.

Solution

Li Ao does not recommend to modify the source code of the packages to build custom packages for production use. Instead, he recommends using the packages from Project V, an open-source project producing network proxy tools with obfuscation functionalities. The following packages are recommended:

--v2ray-core
--v2ray-example
--v2ray-extra

Alternative Options

For Shadowsocks configurations, users can consider using the following packages as they do not have rogue behaviours:

--shadowsocks-libev-config
--shadowsocks-libev-ss-local
--shadowsocks-libev-ss-redir
--shadowsocks-libev-ss-tunnel
--luci-app-shadowsocks-libev

Users can also choose to install geolocation data supplied by these packages:

--shadowsocks-libev-ss-rules

More Information

System administrators in enterprises considering applying new software packages on their systems are advised to check with publisher information as a precaution measure against rogue behaviours and viruses, or to avoid spyware.