This post is an overview of the different tunneling options available in OpenSSH. This is inteded as a reference to use when I am explaining (every so often) how to use SSH for tunneling.
Read more…
Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entry (emacsclient-mail.desktop) leading to arbitrary code execution through a crafted mailto:
URI.
Read more…
Some scripts I wrote to enable system-wide push-to-talk (for X11 and PulseAudio). Some people might find it useful for the ongoing lockdown.
Read more…
I thought I was understanding pretty well how bash argument processing and various expansions is supposed to behave. Apparently, there are still subtleties which tricks me, sometimes.
Read more…
In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the same time (not by me).
Read more…
I found an argument injection vulnerability related to the handling of the BROWSER
environment variable in sensible-browser
. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER
processing and browser invocation in general.
Read more…
A comparison of the different solutions for using SSH2 as a secured transport for protocols/services/applications.
Read more…
Live sharing a terminal session to another (shared) host over SSH in read-only mode.
Read more…
While looking at the OpenSSH ssh_config
manpage, I found the ProxyUseFdpass
configuration I did not know about. It is apparently not widely known or used.
Read more…
In order to help the SimGridMC state comparison code, I wrote a proof-of-concept LLVM pass which cleans each stack frame before using it. However, SimGridMC currently does not work properly when compiled with clang/LLVM. We can do the same thing by pre-processing the assembly generated by the compiler before passing it to the linker: this is done by inserting a script between the compiler and the assembler. This script will rewrite the generated assembly by prepending stack-cleaning code at the beginning of each function.
Read more…
Page 1 of 2 | Previous page | Next page | JSON Feed | Atom Feed