This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author barry
Recipients barry, bruno.Piguet, giampaolo.rodola, r.david.murray
Date 2013-09-15.18:44:00
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <20130915144353.511490b3@anarchist>
In-reply-to <1379268303.47.0.458516318277.issue14984@psf.upfronthosting.co.za>
Content
On Sep 15, 2013, at 06:05 PM, R. David Murray wrote:

>For the security fix, the check should only be done if the file is the the
>default .netrc.  (Which would also make your error message
>correct...otherwise it is not :) Also, it would make more sense for the 'prop
>=' to be inside the 'if posix'.
>
>Barry, with that detail fixed should I apply this to 2.6?  (I'll tweak the
>error messages a bit, too.)

For the error message, I suggest including both os.getuid and prop.st_uid,
e.g. something like:

".netrc file is owned by (%d); should be (%d)" % (prop.st_uid, os.getuid())

NetrcParseError seems a little odd but I suppose I could justify incorrect
ownership or mode as a parse error.  We definitely don't want to introduce a
new exception for 2.6.9, so the only other option is an OSError I think.

RDM, can you write any tests for this issue?  Also, are any documentation
changes necessary?  I think this should be a candidate for 2.6.9.
History
Date User Action Args
2013-09-15 18:44:00barrysetrecipients: + barry, giampaolo.rodola, r.david.murray, bruno.Piguet
2013-09-15 18:44:00barrylinkissue14984 messages
2013-09-15 18:44:00barrycreate