Ingo Schwarze <schwa...@usta.de> wrote:
> It would, and in principle, that would be an improvement.
> But i think editline(3) code quality is insufficient for use in a
> shell. It's all quite messy and hastily and sloppily written.
> I tried to polish some of it in the past, but got distracted,
> so editline(3) code is still full of stuff that needs review
> and quality improvement.
>
> Actually, i'm a bit scared that sftp(1) uses it. Then again, i'm not
> aware that it caused any major vulnerabilities in the past, and the
> OpenSSH developers are not at all reckless people, so i am sure they
> know what they are doing.

Coincidentally, I actually found two non-critical out-of-bounds memory
accesses in the NetBSD version of editline two years ago [1] [2]. Quickly
checking the OpenBSD code, it seems the associated fixes haven't made their
way into the OpenBSD editline version yet. Not sure if/how this is normally
done but maybe it makes sense to (partially) sync the OpenBSD version with
the NetBSD one? The latter has accumulated a few general improvements over
the past years.

Either way, I do understand your resentment towards using editline in ksh.

Greetings,
Sören

[1]: https://github.com/NetBSD/src/commit/e93ca0319937d29fabb0a98abfdbef65a55dba9a
[2]: https://github.com/NetBSD/src/commit/f6dff047a3ee27c332a60cef9c76355093a4e05e