This post is an overview of the different tunneling options available in OpenSSH.\nThis is inteded as a reference to use when I am explaining\n(every so often) how to use SSH for tunneling.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/", "title": "Shell command and Emacs Lisp injection in emacsclient-mail.desktop", "url": "https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/", "date_published": "2023-06-08T23:43:56+02:00", "date_modified": "2023-06-08T23:43:56+02:00", "tags": ["computer", "security", "emacs", "shell", "unix", "freedesktop"], "content_html": "Shell command injection and Emacs Lisp injection vulnerabilities\nin one of the Emacs Desktop Entry (emacsclient-mail.desktop)\nleading to arbitrary code execution\nthrough a crafted mailto: URI.
Some scripts I wrote to enable system-wide push-to-talk\n(for X11 and PulseAudio).\nSome people might find it useful for the ongoing lockdown.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2019/03/29/surprising-shell-pathname-expansion/", "title": "Surprising shell pathname expansion", "url": "https://www.gabriel.urdhr.fr/2019/03/29/surprising-shell-pathname-expansion/", "date_published": "2019-03-29T00:00:00+01:00", "date_modified": "2019-03-29T00:00:00+01:00", "tags": ["computer", "unix", "shell"], "content_html": "I thought I was understanding pretty well how bash argument processing and\nvarious expansions is supposed to behave. Apparently, there are still\nsubtleties which tricks me, sometimes.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2018/05/30/more-browser-injections/", "title": "More example of argument and shell command injections in browser invocation", "url": "https://www.gabriel.urdhr.fr/2018/05/30/more-browser-injections/", "date_published": "2018-05-30T00:00:00+02:00", "date_modified": "2018-05-30T00:00:00+02:00", "tags": ["computer", "unix", "debian", "security", "shell", "vulnerability"], "content_html": "In the previous episode, I talked about\nsome argument and shell command injections vulnerabilities\nthrough URIs passed to browsers.\nHere I am evaluating some other CVEs\nwhich were registered at the same time (not by me).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2018/05/28/browser-injections/", "title": "Argument and shell command injections in browser invocation", "url": "https://www.gabriel.urdhr.fr/2018/05/28/browser-injections/", "date_published": "2018-05-28T00:00:00+02:00", "date_modified": "2018-05-28T00:00:00+02:00", "tags": ["computer", "unix", "debian", "security", "shell", "vulnerability", "freedesktop"], "content_html": "I found an argument injection vulnerability\nrelated to the handling of the BROWSER environment variable\nin sensible-browser.\nThis lead me (and others) to a few other arguments and shell command injection\nvulnerabilities in BROWSER processing and browser invocation in general.
A comparison of the different solutions for using SSH2 as a secured\ntransport for protocols/services/applications.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2016/10/18/terminal-sharing/", "title": "Terminal read-only live sharing", "url": "https://www.gabriel.urdhr.fr/2016/10/18/terminal-sharing/", "date_published": "2016-10-18T00:00:00+02:00", "date_modified": "2017-05-06T00:00:00+02:00", "tags": ["computer", "unix", "ssh", "screen"], "content_html": "Live sharing a terminal session to another (shared) host over SSH in\nread-only mode.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/", "title": "OpenSSH ProxyUseFdPass", "url": "https://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/", "date_published": "2016-08-07T00:00:00+02:00", "date_modified": "2025-03-28T15:37:22+01:00", "tags": ["computer", "network", "system", "ssh", "python", "unix"], "content_html": "While looking at the OpenSSH ssh_config manpage, I found the\nProxyUseFdpass configuration I did not know about.\nIt is apparently not widely known or used.
In order to help the SimGridMC state comparison code, I wrote a\nproof-of-concept LLVM pass which cleans each stack\nframe before using\nit. However, SimGridMC currently does not work properly when compiled\nwith clang/LLVM. We can do the same thing by pre-processing the\nassembly generated by the compiler before passing it to the linker:\nthis is done by inserting a script between the compiler and the\nassembler. This script will rewrite the generated assembly by\nprepending stack-cleaning code at the beginning of each function.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/09/25/filtering-the-clipboard/", "title": "Filtering the clipboard using UNIX filters", "url": "https://www.gabriel.urdhr.fr/2014/09/25/filtering-the-clipboard/", "date_published": "2014-09-25T00:00:00+02:00", "date_modified": "2014-09-25T00:00:00+02:00", "tags": ["computer", "x11", "unix", "cms", "html"], "content_html": "I had a few Joomla posts that I wanted to clean up semi-automatically.\nHere are a few scripts, to pass the content of the clipboard (or the\ncurrent selection) through a UNIX filter.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/05/23/flamegraph/", "title": "Profiling and optimising with Flamegraph", "url": "https://www.gabriel.urdhr.fr/2014/05/23/flamegraph/", "date_published": "2014-05-23T00:00:00+02:00", "date_modified": "2014-05-23T00:00:00+02:00", "tags": ["simgrid", "optimisation", "profiling", "computer", "flamegraph", "unix", "gdb", "perf"], "content_html": "Flamegraph\nis a software which generates SVG graphics\nto visualise stack-sampling based\nprofiles. It processes data collected with tools such as Linux perf,\nSystemTap, DTrace.
\n"}]}