#14984: On POSIX, enforce permissions when reading default .netrc.

Initial patch by Bruno Piguet.

This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it.  Fixing that issue will be an enhancement.

1 files changed, 8 insertions, 0 deletions

diff --git a/Doc/library/netrc.rst b/Doc/library/netrc.rst
index 91990df..b6c1066 100644
--- a/Doc/library/netrc.rst
+++ b/Doc/library/netrc.rst
@@ -19,6 +19,14 @@ the Unix :program:`ftp` program and other FTP clients.
    no argument is given, the file :file:`.netrc` in the user's home directory will
    be read.  Parse errors will raise :exc:`NetrcParseError` with diagnostic
    information including the file name, line number, and terminating token.
+   If no argument is specified on a POSIX system, the presence of passwords in
+   the :file:`.netrc` file will raise a :exc:`NetrcParseError` if the file
+   ownership or permissions are insecure (owned by a user other than the user
+   running the process, or accessible for read or write by any other user).
+   This implements security behavior equivalent to that of ftp and other
+   programs that use :file:`.netrc`.
+
+   .. versionchanged:: 3.1.6 Added the POSIX permission check.
 
 
 .. exception:: NetrcParseError