Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
cpython
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
cpython
Commits
4a3167ab
Commit
4a3167ab
authored
Sep 17, 2013
by
R David Murray
Browse files
Options
Browse Files
Download
Plain Diff
Merge #14984: On POSIX, enforce permissions when reading default .netrc.
parents
03a769ec
c8ca97de
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
61 additions
and
6 deletions
+61
-6
Doc/library/netrc.rst
Doc/library/netrc.rst
+8
-0
Lib/netrc.py
Lib/netrc.py
+24
-3
Lib/test/test_netrc.py
Lib/test/test_netrc.py
+23
-3
Misc/NEWS
Misc/NEWS
+6
-0
No files found.
Doc/library/netrc.rst
View file @
4a3167ab
...
@@ -22,6 +22,14 @@ the Unix :program:`ftp` program and other FTP clients.
...
@@ -22,6 +22,14 @@ the Unix :program:`ftp` program and other FTP clients.
no argument is given, the file :file:`.netrc` in the user's home directory will
no argument is given, the file :file:`.netrc` in the user's home directory will
be read. Parse errors will raise :exc:`NetrcParseError` with diagnostic
be read. Parse errors will raise :exc:`NetrcParseError` with diagnostic
information including the file name, line number, and terminating token.
information including the file name, line number, and terminating token.
If no argument is specified on a POSIX system, the presence of passwords in
the :file:`.netrc` file will raise a :exc:`NetrcParseError` if the file
ownership or permissions are insecure (owned by a user other than the user
running the process, or accessible for read or write by any other user).
This implements security behavior equivalent to that of ftp and other
programs that use :file:`.netrc`.
.. versionchanged:: 3.2.6 Added the POSIX permission check.
.. exception:: NetrcParseError
.. exception:: NetrcParseError
...
...
Lib/netrc.py
View file @
4a3167ab
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
# Module and documentation by Eric S. Raymond, 21 Dec 1998
# Module and documentation by Eric S. Raymond, 21 Dec 1998
import
io
,
os
,
shlex
import
io
,
os
,
shlex
,
stat
,
pwd
__all__
=
[
"netrc"
,
"NetrcParseError"
]
__all__
=
[
"netrc"
,
"NetrcParseError"
]
...
@@ -21,6 +21,7 @@ class NetrcParseError(Exception):
...
@@ -21,6 +21,7 @@ class NetrcParseError(Exception):
class
netrc
:
class
netrc
:
def
__init__
(
self
,
file
=
None
):
def
__init__
(
self
,
file
=
None
):
default_netrc
=
file
is
None
if
file
is
None
:
if
file
is
None
:
try
:
try
:
file
=
os
.
path
.
join
(
os
.
environ
[
'HOME'
],
".netrc"
)
file
=
os
.
path
.
join
(
os
.
environ
[
'HOME'
],
".netrc"
)
...
@@ -29,9 +30,9 @@ class netrc:
...
@@ -29,9 +30,9 @@ class netrc:
self
.
hosts
=
{}
self
.
hosts
=
{}
self
.
macros
=
{}
self
.
macros
=
{}
with
open
(
file
)
as
fp
:
with
open
(
file
)
as
fp
:
self
.
_parse
(
file
,
fp
)
self
.
_parse
(
file
,
fp
,
default_netrc
)
def
_parse
(
self
,
file
,
fp
):
def
_parse
(
self
,
file
,
fp
,
default_netrc
):
lexer
=
shlex
.
shlex
(
fp
)
lexer
=
shlex
.
shlex
(
fp
)
lexer
.
wordchars
+=
r"""!"#$%&'()*+,-./:;<=>?@[\
]^_`{|}~
"""
lexer
.
wordchars
+=
r"""!"#$%&'()*+,-./:;<=>?@[\
]^_`{|}~
"""
lexer.commenters = lexer.commenters.replace('#', '')
lexer.commenters = lexer.commenters.replace('#', '')
...
@@ -86,6 +87,26 @@ class netrc:
...
@@ -86,6 +87,26 @@ class netrc:
elif tt == 'account':
elif tt == 'account':
account = lexer.get_token()
account = lexer.get_token()
elif tt == 'password':
elif tt == 'password':
if os.name == 'posix' and default_netrc:
prop = os.fstat(fp.fileno())
if prop.st_uid != os.getuid():
try:
fowner = pwd.getpwuid(prop.st_uid)[0]
except KeyError:
fowner = 'uid %s' % prop.st_uid
try:
user = pwd.getpwuid(os.getuid())[0]
except KeyError:
user = 'uid %s' % os.getuid()
raise NetrcParseError(
("~/.netrc file owner (%s) does not match"
" current user (%s)") % (fowner, user),
file, lexer.lineno)
if (prop.st_mode & (stat.S_IRWXG | stat.S_IRWXO)):
raise NetrcParseError(
"~/.netrc access too permissive: access"
" permissions must restrict access to only"
" the owner", file, lexer.lineno)
password = lexer.get_token()
password = lexer.get_token()
else:
else:
raise NetrcParseError("bad follower token %r" % tt,
raise NetrcParseError("bad follower token %r" % tt,
...
...
Lib/test/test_netrc.py
View file @
4a3167ab
...
@@ -5,9 +5,6 @@ temp_filename = support.TESTFN
...
@@ -5,9 +5,6 @@ temp_filename = support.TESTFN
class
NetrcTestCase
(
unittest
.
TestCase
):
class
NetrcTestCase
(
unittest
.
TestCase
):
def
tearDown
(
self
):
os
.
unlink
(
temp_filename
)
def
make_nrc
(
self
,
test_data
):
def
make_nrc
(
self
,
test_data
):
test_data
=
textwrap
.
dedent
(
test_data
)
test_data
=
textwrap
.
dedent
(
test_data
)
mode
=
'w'
mode
=
'w'
...
@@ -15,6 +12,7 @@ class NetrcTestCase(unittest.TestCase):
...
@@ -15,6 +12,7 @@ class NetrcTestCase(unittest.TestCase):
mode
+=
't'
mode
+=
't'
with
open
(
temp_filename
,
mode
)
as
fp
:
with
open
(
temp_filename
,
mode
)
as
fp
:
fp
.
write
(
test_data
)
fp
.
write
(
test_data
)
self
.
addCleanup
(
os
.
unlink
,
temp_filename
)
return
netrc
.
netrc
(
temp_filename
)
return
netrc
.
netrc
(
temp_filename
)
def
test_default
(
self
):
def
test_default
(
self
):
...
@@ -103,6 +101,28 @@ class NetrcTestCase(unittest.TestCase):
...
@@ -103,6 +101,28 @@ class NetrcTestCase(unittest.TestCase):
"""
,
'#pass'
)
"""
,
'#pass'
)
@
unittest
.
skipUnless
(
os
.
name
==
'posix'
,
'POSIX only test'
)
def
test_security
(
self
):
# This test is incomplete since we are normally not run as root and
# therefore can't test the file ownership being wrong.
d
=
support
.
TESTFN
os
.
mkdir
(
d
)
self
.
addCleanup
(
support
.
rmtree
,
d
)
fn
=
os
.
path
.
join
(
d
,
'.netrc'
)
with
open
(
fn
,
'wt'
)
as
f
:
f
.
write
(
"""
\
machine foo.domain.com login bar password pass
default login foo password pass
"""
)
with
support
.
EnvironmentVarGuard
()
as
environ
:
environ
.
set
(
'HOME'
,
d
)
os
.
chmod
(
fn
,
0o600
)
nrc
=
netrc
.
netrc
()
self
.
assertEqual
(
nrc
.
hosts
[
'foo.domain.com'
],
(
'bar'
,
None
,
'pass'
))
os
.
chmod
(
fn
,
0o622
)
self
.
assertRaises
(
netrc
.
NetrcParseError
,
netrc
.
netrc
)
def
test_main
():
def
test_main
():
support
.
run_unittest
(
NetrcTestCase
)
support
.
run_unittest
(
NetrcTestCase
)
...
...
Misc/NEWS
View file @
4a3167ab
...
@@ -10,6 +10,12 @@ What's New in Python 3.2.6?
...
@@ -10,6 +10,12 @@ What's New in Python 3.2.6?
Library
Library
-------
-------
- Issue #14984: On POSIX systems, when netrc is called without a filename
argument (and therefore is reading the user's $HOME/.netrc file), it now
enforces the same security rules as typical ftp clients: the .netrc file must
be owned by the user that owns the process and must not be readable by any
other user.
- Fix tkinter regression introduced by the security fix in issue #16248.
- Fix tkinter regression introduced by the security fix in issue #16248.
- Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of
- Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment