Message197822
FWIW, the Ubuntu manpage netrc(5) says:
    password string
        Supply a password. If this token is present, the auto-login
        process will supply the specified string if the remote server
        requires a password as part of the login process. Note that
        if this token is present in the .netrc file for any user other
        than anonymous, ftp will abort the auto-login process if the
        .netrc is readable by anyone besides the user.

On Ubuntu, /usr/bin/ftp comes from the netkit-ftp package, which has this code in ruserpass.c:

    case PASSWD:
        if (*aname==NULL) {
            fprintf(stderr, "Error: `password' must follow `login' in .netrc\n");
            goto bad;
        }
        if (strcmp(*aname, "anonymous") &&
            fstat(fileno(cfile), &stb) >= 0 &&
            (stb.st_mode & 077) != 0) {
            fprintf(stderr, "Error - .netrc file not correct permissions.\n");
            fprintf(stderr, "Remove password or correct mode (should be 600).\n");
            goto bad;

So it looks like it's only doing a permission check too, and then only if it sees `password`. (FWIW, it does the same check, sans the "anonymous" check obviously, for `account`.)
Seems to me like only doing the permission check is sufficient, and in line with existing tools and documentation. (Though technically, I suppose if you chowned ~/.netrc to someone other than yourself, it would be "readable by anyone besides the user".)

Date | User | Action | Args
2013-09-15 19:43:21 | barry | set | recipients: + barry, georg.brandl, larry, giampaolo.rodola, benjamin.peterson, Arfrever, r.david.murray, bruno.Piguet
2013-09-15 19:43:21 | barry | set | messageid: <1379274201.18.0.0446619131565.issue14984@psf.upfronthosting.co.za>
2013-09-15 19:43:21 | barry | link | issue14984 messages
2013-09-15 19:43:20 | barry | create |
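
An added example, not part of the message above and not code from netkit-ftp or CPython: the mode check from the quoted ruserpass.c excerpt written in Python, with the owner check from the closing parenthetical added as a second test. The function names, the whitespace-only tokenizer and the sample host and credentials are assumptions made for illustration.

```python
import os
import stat

KEYS_WITH_VALUE = {"machine", "login", "password", "account", "macdef"}


def needs_private_file(text):
    """True if the tokens would make the quoted ftp code run its mode check."""
    # Simplified tokenizer: whitespace-separated, no quoting, no macdef bodies.
    tokens = iter(text.split())
    login = None
    for tok in tokens:
        if tok == "default":
            login = None
        elif tok in KEYS_WITH_VALUE:
            value = next(tokens, None)
            if tok == "machine":
                login = None          # new entry, forget the previous login
            elif tok == "login":
                login = value
            elif tok == "account":
                return True           # checked regardless of login name
            elif tok == "password" and login != "anonymous":
                return True           # a missing login counts as non-anonymous
    return False


def netrc_problem(path, uid=None):
    """Return a reason to refuse the file, or None if it is acceptable."""
    uid = os.getuid() if uid is None else uid
    with open(path) as fh:
        st = os.fstat(fh.fileno())    # stat the open file, as ftp does
        text = fh.read()
    if not needs_private_file(text):
        return None
    if st.st_mode & 0o077:
        return "mode %o lets group/other access it (should be 600)" % stat.S_IMODE(st.st_mode)
    if st.st_uid != uid:
        return "owned by uid %d, not uid %d" % (st.st_uid, uid)
    return None


if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".netrc") as tmp:
        tmp.write("machine ftp.example.org login alice password s3cret\n")  # constructed
        tmp.flush()
        os.chmod(tmp.name, 0o644)
        print(netrc_problem(tmp.name))
```

Calling `fstat` on the already-open descriptor, rather than `stat` on the path, means the mode and owner that are checked belong to the same file whose contents are read.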