Message197808
On Sep 15, 2013, at 06:05 PM, R. David Murray wrote:
>For the security fix, the check should only be done if the file is the the
>default .netrc. (Which would also make your error message
>correct...otherwise it is not :) Also, it would make more sense for the 'prop
>=' to be inside the 'if posix'.
>
>Barry, with that detail fixed should I apply this to 2.6? (I'll tweak the
>error messages a bit, too.)
For the error message, I suggest including both os.getuid and prop.st_uid,
e.g. something like:
".netrc file is owned by (%d); should be (%d)" % (prop.st_uid, os.getuid())
NetrcParseError seems a little odd but I suppose I could justify incorrect
ownership or mode as a parse error. We definitely don't want to introduce a
new exception for 2.6.9, so the only other option is an OSError I think.
RDM, can you write any tests for this issue? Also, are any documentation
changes necessary? I think this should be a candidate for 2.6.9. |
|
Date |
User |
Action |
Args |
2013-09-15 18:44:00 | barry | set | recipients:
+ barry, giampaolo.rodola, r.david.murray, bruno.Piguet |
2013-09-15 18:44:00 | barry | link | issue14984 messages |
2013-09-15 18:44:00 | barry | create | |
|