New submission from Andreas Költringer <>:

On my first try to use the netrc module I got back the error: 

    "~/.netrc access too permissive: access permissions must restrict access to 
only the owner"

I changed the file permissions and wrapped this up in try-except and went on to 
write some unit tests (using tempfile), assuming that the file mode checks 
would be performed on any netrc file I passed into the constructor (yes, I did 
not read the documentation sufficiently well).

Anyway, I believe that these security checks should be done for any netrc file 
(they contain sensitive information no matter where they are located on the 
file system). There was already a discussion on the topic

where there was concern regarding backwards-compatibility and the idea to 
re-visit this issue "in the future". That was in 2013, so maybe this "future" 
is now?

components: Library (Lib)
messages: 313701
nosy: akoeltringer
priority: normal
severity: normal
status: open
title: netrc module validates file mode only for /home/user/.netrc
type: security
versions: Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8

Python tracker <>
Python-bugs-list mailing list

Reply via email to