New submission from Andreas Költringer <[email protected]>:
On my first try to use the netrc module I got back the error:
"~/.netrc access too permissive: access permissions must restrict access to
only the owner"
I changed the file permissions and wrapped this up in try-except and went on to
write some unit tests (using tempfile), assuming that the file mode checks
would be performed on any netrc file I passed into the constructor (yes, I did
not read the documentation sufficiently well).
Anyway, I believe that these security checks should be done for any netrc file
(they contain sensitive information no matter where they are located on the
file system). There was already a discussion on the topic
https://bugs.python.org/issue14984
where there was concern regarding backwards-compatibility and the idea to
re-visit this issue "in the future". That was in 2013, so maybe this "future"
is now?
----------
components: Library (Lib)
messages: 313701
nosy: akoeltringer
priority: normal
severity: normal
status: open
title: netrc module validates file mode only for /home/user/.netrc
type: security
versions: Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue33059>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
