#14984: On POSIX, enforce permissions when reading default .netrc.

Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement.
author: R David Murray <rdmurray@bitdance.com> 2013-09-16 17:48:44 (GMT)
committer: R David Murray <rdmurray@bitdance.com> 2013-09-16 17:48:44 (GMT)
commit: 4189b67a66afc7a5d4ed9ef39c9f8187d98e7909 (patch)
tree: 202254f086d26dabc01be2f2abb331cd996f829e /Misc/NEWS
parent: 503baf9ecd2cc5fb0bb85cec99c300862c02de85 (diff)
download: cpython-4189b67a66afc7a5d4ed9ef39c9f8187d98e7909.zip
cpython-4189b67a66afc7a5d4ed9ef39c9f8187d98e7909.tar.gz
cpython-4189b67a66afc7a5d4ed9ef39c9f8187d98e7909.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index de8c202..833cd05 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,12 @@ Core and Builtins
 Library
 -------
 
+- Issue #14984: On POSIX systems, when netrc is called without a filename
+  argument (and therefore is reading the user's $HOME/.netrc file), it now
+  enforces the same security rules as typical ftp clients: the .netrc file must
+  be owned by the user that owns the process and must not be readable by any
+  other user.
+
 - Issue #16248: Disable code execution from the user's home directory by
   tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
author	R David Murray <rdmurray@bitdance.com>	2013-09-16 17:48:44 (GMT)
committer	R David Murray <rdmurray@bitdance.com>	2013-09-16 17:48:44 (GMT)
commit	4189b67a66afc7a5d4ed9ef39c9f8187d98e7909 (patch)
tree	202254f086d26dabc01be2f2abb331cd996f829e /Misc/NEWS
parent	503baf9ecd2cc5fb0bb85cec99c300862c02de85 (diff)
download	cpython-4189b67a66afc7a5d4ed9ef39c9f8187d98e7909.zip cpython-4189b67a66afc7a5d4ed9ef39c9f8187d98e7909.tar.gz cpython-4189b67a66afc7a5d4ed9ef39c9f8187d98e7909.tar.bz2