[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: missing use_terminfo_vars() calls in ncurses-5.1-20001007
|
From: |
Thomas Dickey |
|
Subject: |
Re: missing use_terminfo_vars() calls in ncurses-5.1-20001007 |
|
Date: |
Sun, 8 Oct 2000 21:13:22 -0400 |
On Sun, Oct 08, 2000 at 06:41:24PM -0600, Todd C. Miller wrote:
> In message <address@hidden>
> so spake Thomas Dickey (dickey):
>
> > I left $TERMCAP in (the non-pathname case) because in the places where
> > it's needed, it's because of stuff like xterm setting it for old apps
> > that don't get the screen size. I don't see the harm in leaving it
> > there.
>
> It's the same issue as ~/.termcap and TERMPATH since a user can put
> arbitrary things in there and then run a privileged program.
But the system termcap/terminfo can contain a lot of different things
already, that you can't verify in advance. The point in disregarding
environment variables (and local dot-files) is to avoid surprises.
As far as putting arbitrary things in the description, it would be
perhaps better to plug the holes that the arbitrary things could
exploit. (I had in mind disallowing string parameters to tparm).
--
Thomas E. Dickey <address@hidden>
http://dickey.his.com
ftp://dickey.his.com