#14984: On POSIX, enforce permissions when reading default .netrc. Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement.

commit: 4189b67a66afc7a5d4ed9ef39c9f8187d98e7909 [log] [tgz]
author: R David Murray <rdmurray@bitdance.com> Mon Sep 16 13:48:44 2013 -0400
committer: R David Murray <rdmurray@bitdance.com> Mon Sep 16 13:48:44 2013 -0400
tree: 202254f086d26dabc01be2f2abb331cd996f829e
parent: 503baf9ecd2cc5fb0bb85cec99c300862c02de85 [diff] [blame]
diff --git a/Misc/NEWS b/Misc/NEWS
index de8c202..833cd05 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -13,6 +13,12 @@
 Library
 -------
 
+- Issue #14984: On POSIX systems, when netrc is called without a filename
+  argument (and therefore is reading the user's $HOME/.netrc file), it now
+  enforces the same security rules as typical ftp clients: the .netrc file must
+  be owned by the user that owns the process and must not be readable by any
+  other user.
+
 - Issue #16248: Disable code execution from the user's home directory by
   tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
commit	4189b67a66afc7a5d4ed9ef39c9f8187d98e7909	[log] [tgz]
author	R David Murray <rdmurray@bitdance.com>	Mon Sep 16 13:48:44 2013 -0400
committer	R David Murray <rdmurray@bitdance.com>	Mon Sep 16 13:48:44 2013 -0400
tree	202254f086d26dabc01be2f2abb331cd996f829e
parent	503baf9ecd2cc5fb0bb85cec99c300862c02de85 [diff] [blame]