summaryrefslogtreecommitdiffstats
path: root/Misc
diff options
context:
space:
mode:
authorR David Murray <rdmurray@bitdance.com>2013-09-18 00:32:54 (GMT)
committerR David Murray <rdmurray@bitdance.com>2013-09-18 00:32:54 (GMT)
commit8270a2c209836c49fb2909c3af6117c46439b86e (patch)
tree76f71c56f744f5aa050cf07b6f326029c6ce7097 /Misc
parent945a251e4ab8b4ebbb77604a64fa9b53b725ec6c (diff)
parent104aab956f6de4131cab800f742cc108f9f92edf (diff)
downloadcpython-8270a2c209836c49fb2909c3af6117c46439b86e.zip
cpython-8270a2c209836c49fb2909c3af6117c46439b86e.tar.gz
cpython-8270a2c209836c49fb2909c3af6117c46439b86e.tar.bz2
Merge #14984: On POSIX, enforce permissions when reading default .netrc.
Diffstat (limited to 'Misc')
-rw-r--r--Misc/NEWS6
1 files changed, 6 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 2b07ae3..6488b75 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,12 @@ What's New in Python 3.2.6?
Library
-------
+- Issue #14984: On POSIX systems, when netrc is called without a filename
+ argument (and therefore is reading the user's $HOME/.netrc file), it now
+ enforces the same security rules as typical ftp clients: the .netrc file must
+ be owned by the user that owns the process and must not be readable by any
+ other user.
+
- Fix tkinter regression introduced by the security fix in issue #16248.
- Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of