This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author barry
Recipients Arfrever, barry, benjamin.peterson, bruno.Piguet, georg.brandl, giampaolo.rodola, larry, r.david.murray
Date 2013-09-15.19:43:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1379274201.18.0.0446619131565.issue14984@psf.upfronthosting.co.za>
In-reply-to
Content
FWIW, the Ubuntu manpage netrc(5) says:

     password string
               Supply a password.  If this token is present, the auto-login
               process will supply the specified string if the remote server
               requires a password as part of the login process.  Note that
               if this token is present in the .netrc file for any user other
               than anonymous, ftp will abort the auto-login process if the
               .netrc is readable by anyone besides the user.

On Ubuntu, /usr/bin/ftp comes from the netkit-ftp package, which has this code in ruserpass.c:

		case PASSWD:
			if (*aname==NULL) {
	fprintf(stderr, "Error: `password' must follow `login' in .netrc\n");
				goto bad;
			}
			if (strcmp(*aname, "anonymous") &&
			    fstat(fileno(cfile), &stb) >= 0 &&
			    (stb.st_mode & 077) != 0) {
	fprintf(stderr, "Error - .netrc file not correct permissions.\n");
	fprintf(stderr, "Remove password or correct mode (should be 600).\n");
				goto bad;

So it looks like it's only doing a permission check too, and then only if it sees `password`. (FWIW, it does the same check, sans the "anonymous" check obviously, for `account`.)

Seems to me like only doing the permission check is sufficient, and in line with existing tools and documentation.  (Though technically, I suppose if you chowned ~/.netrc to someone other than yourself, it would be "readable by anyone besides the user".)
History
Date User Action Args
2013-09-15 19:43:21barrysetrecipients: + barry, georg.brandl, larry, giampaolo.rodola, benjamin.peterson, Arfrever, r.david.murray, bruno.Piguet
2013-09-15 19:43:21barrysetmessageid: <1379274201.18.0.0446619131565.issue14984@psf.upfronthosting.co.za>
2013-09-15 19:43:21barrylinkissue14984 messages
2013-09-15 19:43:20barrycreate