Date: 21 Jan 2003 01:57:36 -0800 From: Max Okumoto <okumoto@ucsd.edu> To: Kris Kennaway <kris@obsecurity.org> Cc: Miguel Mendez <flynn@energyhq.homeip.net>, hackers@FreeBSD.ORG Subject: Re: RFC: Adding a new (safer) data entry function to libdialog Message-ID: <hfvg0i4ygf.fsf@multivac.sdsc.edu> In-Reply-To: <20030121094405.GA21197@rot13.obsecurity.org> References: <20030120121851.30ff961f.flynn@energyhq.homeip.net> <20030121015947.GA7310@rot13.obsecurity.org> <20030121101502.049abd8e.flynn@energyhq.homeip.net> <20030121094405.GA21197@rot13.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway <kris@obsecurity.org> writes:
> On Tue, Jan 21, 2003 at 10:15:02AM +0100, Miguel Mendez wrote:
> > On Mon, 20 Jan 2003 17:59:47 -0800 Kris Kennaway <kris@obsecurity.org> wrote:
> > >> [making libdialog safer }
> > > libdialog is rife with overflowable buffers..I'm not sure it would be
> > > safe even with this input method.
> >
> > Okay, I have another idea that might be a bit more productive, since the
> > code in libdialog seems to be nothing but a huge hack. How about
> > adopting tvision to replace dialog(3)? Libh uses tvision, and I've
> > thought about writing a small API compat glue (libtdialog.{so,a}) that
> > would allow legacy libdialog code to be linked with tvision without
> > modification. The only (big) drawback I see in tvision is that it's in
> > C++, otherwise is lightyears ahead of what dialog(3) currently offers.
>
> That could be quite a worthwhile project.
>
> Kris
There are alot of problems in the tvision library too. I made the
patch that 'allows' it to compile with gcc3.2.1. I did not correct
the problems in the since I am trying to focus on libh.
Max Okumoto
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hfvg0i4ygf.fsf>