LinHES

Passwords with @, $, *, ( or ) do not work when set from the menus.

This happens for userIDs on setup and on the web interface password. I almost was locked out of root when I first did this but then discovered I can sudo password from another userID. I except not everyone will think of this recovery.

I almost made this critical because it appears that the passwords are being executed by the shell in certain circumstances. See the last example below where I caused a "ls -l /home" to be executed. The following:
"x;sudo rm -rf /would be really really bad.

Examples (from running mythinstall -s webuser from the command line):

Password: x$$x
Result: adding webUSERNAME mythtv with pass x20767x

Password: x
Result: adding webUSERNAME mythtv with pass appletrailer.xml

Password: x(x)
Result: sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `sudo myth_user_call -c web -umythtv -p x*x('

Password: x;ls -al /home
Result:
Running program to make the changes for web password adding webUSERNAME mythtv with pass x total 16 drwxr-xr-x 4 root root 4096 2009-06-20 11:48 . drwxr-xr-x 22 root root 4096 2009-06-20 17:08 .. drwx------ 5 allen allen 4096 2009-06-21 09:04 allen drwxr-xr-x 6 mythtv mythtv 4096 2009-06-21 09:13 mythtv i should save my settings(2) Europe/Berlin c save t syssettings template is syssettings d localhost 0 [mythtv@violet home]$