rp3-config performs inadequate parameter validation on the account name, username and phone number fields (possibly others) during PPP configuration. Strings containing characters such as < > ; & ( ) { } [ ] may be arbitrarily written to the ifcfg-pppN files, where they will cause assorted malfunctions when trying to use those connections. These may be used to execute arbitrary commands as root (set account name to foo;ls>/tmp/bar, e.g.), but since rp3-config is subject to root password authentication, this probably isn't an issue. It becomes one, however, if there is any way to run rp3-config without authentication. Proper behavior in this instance would be very rigorous escaping, or better the deletion of any nonalphanumeric characters, in all fields. As a possibly unrelated bug, when characters appear in the entry string that are escaped by rp3-config on the way down to the config file, a few characters of random gibberish may be appended to the end of the line, suggesting a buffer problem of some persuasion. I'll download the source and try to supply a fix. Reproduction: repeatable. Consequence: breaks the PPP connect by causing shell syntax errors; remote chance of root compromise if rp3-config can be run without root-pw authentication. Procedure: edit an existing PPP configuration. in account name or username fields, enter "foo (bar)" (no quotes), or "snaf;ls>/tmp/foo" (no quotes). File written to ifcfg-pppN will have a form similar to the following: DEVICE=ppp1 NAME=ISP;ls>/tmp/acctname WVDIALSECT=ISP;ls>/tmp/acctname MODEMPORT=/dev/ttyS0 Running usernet after something of this sort is done yields a slew of gtk warnings.
This should already be fixed in CVS. *** This bug has been marked as a duplicate of 15211 ***