OpenSSH tunneling guide

“Welcome to the Warp Zone!”

Published: Apr 13 2024

This post is an overview of the different tunneling options available in OpenSSH. This is inteded as a reference to use when I am explaining (every so often) how to use SSH for tunneling.

Shell command and Emacs Lisp injection in emacsclient-mail.desktop

Published: Jun 8 2023

Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entry (emacsclient-mail.desktop) leading to arbitrary code execution through a crafted mailto: URI.

Push-to-talk in any application

Published: Apr 11 2020

Some scripts I wrote to enable system-wide push-to-talk (for X11 and PulseAudio). Some people might find it useful for the ongoing lockdown.

Surprising shell pathname expansion

Published: Mar 29 2019

I thought I was understanding pretty well how bash argument processing and various expansions is supposed to behave. Apparently, there are still subtleties which tricks me, sometimes.

More example of argument and shell command injections in browser invocation

Published: May 30 2018

In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the same time (not by me).

Argument and shell command injections in browser invocation

Published: May 28 2018

I found an argument injection vulnerability related to the handling of the BROWSER environment variable in sensible-browser. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER processing and browser invocation in general.

Foo over SSH

Using SSH as a transport for your protocol

Published: Aug 2 2017

A comparison of the different solutions for using SSH2 as a secured transport for protocols/services/applications.

Terminal read-only live sharing

Published: Oct 18 2016

Live sharing a terminal session to another (shared) host over SSH in read-only mode.

OpenSSH ProxyUseFdPass

Published: Aug 7 2016

While looking at the OpenSSH ssh_config manpage, I found the ProxyUseFdpass configuration I did not know about. It is apparently not widely known or used.

Cleaning the stack by filtering the assembly

Published: Oct 6 2014

In order to help the SimGridMC state comparison code, I wrote a proof-of-concept LLVM pass which cleans each stack frame before using it. However, SimGridMC currently does not work properly when compiled with clang/LLVM. We can do the same thing by pre-processing the assembly generated by the compiler before passing it to the linker: this is done by inserting a script between the compiler and the assembler. This script will rewrite the generated assembly by prepending stack-cleaning code at the beginning of each function.

Page 1 of 2 | Previous page | Next page | JSON Feed | Atom Feed