-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix ncurses
crate
#30
Comments
That crate currently has exploitable security vulnerabilities in safe functions. There is even a security advisory about it: https://rustsec.org/advisories/RUSTSEC-2019-0006.html
|
:ferrisSweat: |
That crate's stated goal is to provide a thin Rust wrapper, so it should just be called |
one issue is that in ncurses there's a huge pile of CPP macros defined, so if you only expose the real functions you end up with a lib that is harder to use than "actual" ncurses. So some amount of something needs to happen |
There is one other crate wrapping ncurses - https://crates.io/crates/ncursesw Alternatively we can mark all |
it's maybe worth noting that, outside of very special circumstances, ncurses doesn't exist on modern systems. It's just a facade lib that actually wraps ncursesw anyway. |
It's a very low-download crate, but people still use it.
I've filed an issue just now asking them to remove all invalid
unsafe{}
blocks, and this issue here is just a bit of a tracker/reminder that the process has been poked in the right direction.The text was updated successfully, but these errors were encountered: