[issue14984] netrc module allows read of non-secured .netrc file
R. David Murray
report at bugs.python.org
Sun Sep 15 21:09:42 CEST 2013
R. David Murray added the comment:
Hmm. Answering the doc question caused me to run into something that calls the whole patch into question:
http://www.unix.com/unix-dummies-questions-answers/11326-netrc-refuses-password.html.
In that example, the ftp program only rejected reading the password from the .netrc file when the permissions were wrong, but otherwise happily read it. *That* would be a better backward compatibility fix. And yes, in that case I think we should probably put a note about it in the docs.
I'll update my patch and add the permissions test. I originally used OSError, but with the trigger on password only I think the parse error would actually be more appropriate, so I'll switch to that.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14984>
_______________________________________
More information about the Python-bugs-list
mailing list