#14984: On POSIX, enforce permissions when reading default .netrc.

Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement.
author: R David Murray <rdmurray@bitdance.com> 2013-09-18 00:30:02 (GMT)
committer: R David Murray <rdmurray@bitdance.com> 2013-09-18 00:30:02 (GMT)
commit: 104aab956f6de4131cab800f742cc108f9f92edf (patch)
tree: 2d651d492a76a00270e0c86bf9c1a2a289e12219 /Misc
parent: c17a8dfaca76016202c49b2150c946f5ba70db29 (diff)
download: cpython-104aab956f6de4131cab800f742cc108f9f92edf.zip
cpython-104aab956f6de4131cab800f742cc108f9f92edf.tar.gz
cpython-104aab956f6de4131cab800f742cc108f9f92edf.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 0b5fab4..89ee27d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,12 @@ Core and Builtins
 Library
 -------
 
+- Issue #14984: On POSIX systems, when netrc is called without a filename
+  argument (and therefore is reading the user's $HOME/.netrc file), it now
+  enforces the same security rules as typical ftp clients: the .netrc file must
+  be owned by the user that owns the process and must not be readable by any
+  other user.
+
 - Issue #16248: Disable code execution from the user's home directory by tkinter
   when the -E flag is passed to Python.
author	R David Murray <rdmurray@bitdance.com>	2013-09-18 00:30:02 (GMT)
committer	R David Murray <rdmurray@bitdance.com>	2013-09-18 00:30:02 (GMT)
commit	104aab956f6de4131cab800f742cc108f9f92edf (patch)
tree	2d651d492a76a00270e0c86bf9c1a2a289e12219 /Misc
parent	c17a8dfaca76016202c49b2150c946f5ba70db29 (diff)
download	cpython-104aab956f6de4131cab800f742cc108f9f92edf.zip cpython-104aab956f6de4131cab800f742cc108f9f92edf.tar.gz cpython-104aab956f6de4131cab800f742cc108f9f92edf.tar.bz2