From owner-freebsd-hackers Tue Jan 21 1:44: 9 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4184837B401 for ; Tue, 21 Jan 2003 01:44:08 -0800 (PST) Received: from obsecurity.dyndns.org (adsl-64-169-106-48.dsl.lsan03.pacbell.net [64.169.106.48]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5554543ED8 for ; Tue, 21 Jan 2003 01:44:07 -0800 (PST) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 2E32166B60; Tue, 21 Jan 2003 01:44:06 -0800 (PST) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id 130F58DE; Tue, 21 Jan 2003 01:44:05 -0800 (PST) Date: Tue, 21 Jan 2003 01:44:05 -0800 From: Kris Kennaway To: Miguel Mendez Cc: Kris Kennaway , hackers@freebsd.org Subject: Re: RFC: Adding a new (safer) data entry function to libdialog Message-ID: <20030121094405.GA21197@rot13.obsecurity.org> References: <20030120121851.30ff961f.flynn@energyhq.homeip.net> <20030121015947.GA7310@rot13.obsecurity.org> <20030121101502.049abd8e.flynn@energyhq.homeip.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o" Content-Disposition: inline In-Reply-To: <20030121101502.049abd8e.flynn@energyhq.homeip.net> User-Agent: Mutt/1.4i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 21, 2003 at 10:15:02AM +0100, Miguel Mendez wrote: > On Mon, 20 Jan 2003 17:59:47 -0800 > Kris Kennaway wrote: >=20 > >> [making libdialog safer } > > libdialog is rife with overflowable buffers..I'm not sure it would be > > safe even with this input method. >=20 > Okay, I have another idea that might be a bit more productive, since the > code in libdialog seems to be nothing but a huge hack. How about > adopting tvision to replace dialog(3)? Libh uses tvision, and I've > thought about writing a small API compat glue (libtdialog.{so,a}) that > would allow legacy libdialog code to be linked with tvision without > modification. The only (big) drawback I see in tvision is that it's in > C++, otherwise is lightyears ahead of what dialog(3) currently offers. That could be quite a worthwhile project. Kris --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+LRZlWry0BWjoQKURAhlwAKDVgi0ev3/dVK7kAXM5tOT3aJMJWACeMbxp cFfV7NogSJMDGkd/Fyxu4mg= =96wu -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message