[New-bugs-announce] [issue14984] netrc module alows read of non-secured .netrc file
bruno Piguet
report at bugs.python.org
Sat Jun 2 14:53:41 CEST 2012
New submission from bruno Piguet <bruno.piguet at gmail.com>:
Most FTP clients require that the .netrc file be owned by the user and readable/writable by nobody other than the user (ie. permissions set to 0400 or 0600).
The netrc module doesn't do this kind of checking, allowing the use a .netrc file written or modified by somebody else.
----------
messages: 162132
nosy: bruno.Piguet
priority: normal
severity: normal
status: open
title: netrc module alows read of non-secured .netrc file
versions: Python 2.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14984>
_______________________________________
More information about the New-bugs-announce
mailing list