#14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
diff --git a/Doc/library/netrc.rst b/Doc/library/netrc.rst
index 8a2f1c6..9792799 100644
--- a/Doc/library/netrc.rst
+++ b/Doc/library/netrc.rst
@@ -21,6 +21,12 @@
no argument is given, the file :file:`.netrc` in the user's home directory will
be read. Parse errors will raise :exc:`NetrcParseError` with diagnostic
information including the file name, line number, and terminating token.
+ If no argument is specified on a POSIX system, the presence of passwords in
+ the :file:`.netrc` file will raise a :exc:`NetrcParseError` if the file
+ ownership or permissions are insecure (owned by a user other than the user
+ running the process, or accessible for read or write by any other user).
+ This implements security behavior equivalent to that of ftp and other
+ programs that use :file:`.netrc`.
.. exception:: NetrcParseError