Conversation

Notices

1. Embed this notice
   abadidea (0xabad1dea@infosec.exchange)'s status on Friday, 03-Jan-2025 23:22:00 JST abadidea

   ⚠️ If you use iTerm with the SSH integration functionality: some debug code accidentally shipped to production and it may be logging the entire session to /tmp... on the REMOTE server. If you SSH to shared hosts with iTerm, you'll probably want to look into deleting that as quickly as possible https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Friday, 03-Jan-2025 23:22:36 JST Rich Felker

     in reply to

     @0xabad1dea How does it even have a mechanism to write a log to remote??

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Friday, 03-Jan-2025 23:52:50 JST Rich Felker

     in reply to

     @0xabad1dea It's gotta be doing something like sending over a script to run or something though. Like, this would definitely be impossible with forced-command on the remote side not allowing arbitrary commands, e.g. if remote was a git-only ssh server.

   • Embed this notice
     abadidea (0xabad1dea@infosec.exchange)'s status on Friday, 03-Jan-2025 23:52:51 JST abadidea

     in reply to

     • Rich Felker

     @dalias SSH is a lot more flexible than most people realize