Barry A. Warsaw added the comment: On Sep 15, 2013, at 06:05 PM, R. David Murray wrote:
>For the security fix, the check should only be done if the file is the the >default .netrc. (Which would also make your error message >correct...otherwise it is not :) Also, it would make more sense for the 'prop >=' to be inside the 'if posix'. > >Barry, with that detail fixed should I apply this to 2.6? (I'll tweak the >error messages a bit, too.) For the error message, I suggest including both os.getuid and prop.st_uid, e.g. something like: ".netrc file is owned by (%d); should be (%d)" % (prop.st_uid, os.getuid()) NetrcParseError seems a little odd but I suppose I could justify incorrect ownership or mode as a parse error. We definitely don't want to introduce a new exception for 2.6.9, so the only other option is an OSError I think. RDM, can you write any tests for this issue? Also, are any documentation changes necessary? I think this should be a candidate for 2.6.9. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue14984> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com