#14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
diff --git a/Doc/library/netrc.rst b/Doc/library/netrc.rst
index 91990df..b6c1066 100644
--- a/Doc/library/netrc.rst
+++ b/Doc/library/netrc.rst
@@ -19,6 +19,14 @@
no argument is given, the file :file:`.netrc` in the user's home directory will
be read. Parse errors will raise :exc:`NetrcParseError` with diagnostic
information including the file name, line number, and terminating token.
+ If no argument is specified on a POSIX system, the presence of passwords in
+ the :file:`.netrc` file will raise a :exc:`NetrcParseError` if the file
+ ownership or permissions are insecure (owned by a user other than the user
+ running the process, or accessible for read or write by any other user).
+ This implements security behavior equivalent to that of ftp and other
+ programs that use :file:`.netrc`.
+
+ .. versionchanged:: 3.1.6 Added the POSIX permission check.
.. exception:: NetrcParseError