Recently Vincent Bernat wrote about writing his own simple terminal, using vte. That was a fun read, as the sample code built really easily and was functional.
At the end of his post he said :
evilvte is quite customizable and can be lightweight. Consider it as a first alternative. Honestly, I don’t remember why I didn’t pick it.
That set me off looking at evilvte, and it was one of those rare
projects which seems to be pretty stable, and also hasn't changed in any
recent release of Debian GNU/Linux:
- lenny had 0.4.3-1.
- etch had nothing.
- squeeze had 0.4.6-1.
- wheezy has release 0.5.1-1.
- jessie has release 0.5.1-1.
- stretch has release 0.5.1-1.
- sid has release 0.5.1-1.
I wonder if it would be possible to easily generate a list of packages which have the same revision in multiple distributions? Anyway I had a look at the source, and unfortunately spotted that it didn't entirely handle clicking on hyperlinks terribly well. Clicking on a link would pretty much run:
firefox '%s'
That meant there was an obvious security problem.
It is a great terminal though, and it just goes to show how short, simple, and readable such things can be. I enjoyed looking at the source, and furthermore enjoyed using it. Unfortunately due to a dependency issue it looks like this package will be removed from stretch.
Tags: security, vte 2 comments