/dev/posts/

OpenSSH tunneling guide

“Welcome to the Warp Zone!”

This post is an overview of the different tunneling options available in OpenSSH. This is intended as a reference to use when I am explaining (every so often) how to use SSH for tunneling.

Shell command and Emacs Lisp injection in emacsclient-mail.desktop

Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entries (emacsclient-mail.desktop) leading to arbitrary code execution through a crafted mailto: URI.

Push-to-talk in any application

Some scripts I wrote to enable system-wide push-to-talk (for X11 and PulseAudio). Some people might find it useful for the ongoing lockdown.

Surprising shell pathname expansion

I thought I understood pretty well how bash argument processing and the various expansions are supposed to behave. Apparently, there are still subtleties which trick me sometimes.

More examples of argument and shell command injections in browser invocation

In the previous episode, I talked about some argument and shell command injection vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the same time (not by me).

Argument and shell command injections in browser invocation

I found an argument injection vulnerability related to the handling of the BROWSER environment variable in sensible-browser. This led me (and others) to a few other argument and shell command injection vulnerabilities in BROWSER processing and browser invocation in general.

Foo over SSH

Using SSH as a transport for your protocol

A comparison of the different solutions for using SSH2 as a secured transport for protocols/services/applications.

Terminal read-only live sharing

Live sharing a terminal session to another (shared) host over SSH in read-only mode.

OpenSSH ProxyUseFdPass

While looking at the OpenSSH ssh_config manpage, I found the ProxyUseFdpass configuration I did not know about. It is apparently not widely known or used.

Cleaning the stack by filtering the assembly

In order to help the SimGridMC state comparison code, I wrote a proof-of-concept LLVM pass which cleans each stack frame before using it. However, SimGridMC currently does not work properly when compiled with clang/LLVM. We can do the same thing by pre-processing the assembly generated by the compiler before passing it to the linker: this is done by inserting a script between the compiler and the assembler. This script will rewrite the generated assembly by prepending stack-cleaning code at the beginning of each function.
