Recently Vincent Bernat wrote about writing his own simple terminal, using
vte. That was a fun read, as the sample code built really easily and was functional.
At the end of his post he said :
evilvte is quite customizable and can be lightweight. Consider it as a first alternative. Honestly, I don’t remember why I didn’t pick it.
That set me off looking at
evilvte, and it was one of those rare
projects which seems to be pretty stable, and also hasn't changed in any
recent release of Debian GNU/Linux:
- lenny had 0.4.3-1.
- etch had nothing.
- squeeze had 0.4.6-1.
- wheezy has release 0.5.1-1.
- jessie has release 0.5.1-1.
- stretch has release 0.5.1-1.
- sid has release 0.5.1-1.
I wonder if it would be possible to easily generate a list of packages which have the same revision in multiple distributions? Anyway I had a look at the source, and unfortunately spotted that it didn't entirely handle clicking on hyperlinks terribly well. Clicking on a link would pretty much run:
That meant there was an obvious security problem.
It is a great terminal though, and it just goes to show how short, simple, and readable such things can be. I enjoyed looking at the source, and furthermore enjoyed using it. Unfortunately due to a dependency issue it looks like this package will be removed from stretch.
Tags: security, vte 2 comments
I didn't look at the state of evilvte when writing the article. It seems to be dead. I'll try to point people to other alternatives instead. evilvte was great because you could customize and recompile and be sure the terminal has just the features you need. And all features from libvte were exposed this way.