From: R David Murray Date: Wed, 18 Sep 2013 01:28:17 +0000 (-0400) Subject: Merge #14984: On POSIX, enforce permissions when reading default .netrc. X-Git-Tag: v3.4.0a3~47^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4750fa8369407a2a77d40f5aa3e681e80ca08f42;p=python Merge #14984: On POSIX, enforce permissions when reading default .netrc. --- 4750fa8369407a2a77d40f5aa3e681e80ca08f42 diff --cc Doc/library/netrc.rst index 3f38cbce7a,564f101554..23ffed69eb --- a/Doc/library/netrc.rst +++ b/Doc/library/netrc.rst @@@ -22,6 -22,14 +22,14 @@@ the Unix :program:`ftp` program and oth no argument is given, the file :file:`.netrc` in the user's home directory will be read. Parse errors will raise :exc:`NetrcParseError` with diagnostic information including the file name, line number, and terminating token. + If no argument is specified on a POSIX system, the presence of passwords in + the :file:`.netrc` file will raise a :exc:`NetrcParseError` if the file + ownership or permissions are insecure (owned by a user other than the user + running the process, or accessible for read or write by any other user). + This implements security behavior equivalent to that of ftp and other + programs that use :file:`.netrc`. + - .. versionchanged:: 3.3.3 Added the POSIX permission check. ++ .. versionchanged:: 3.4 Added the POSIX permission check. .. exception:: NetrcParseError diff --cc Misc/NEWS index 2f51307866,39ef595809..f6636cc5e3 --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -7,130 -12,80 +7,136 @@@ Projected Release date: 2013-09-2 Core and Builtins ----------------- -- Issue #18942: sys._debugmallocstats() output was damaged on Windows. +- Issue #18818: The "encodingname" part of PYTHONIOENCODING is now optional. -- Issue #18667: Add missing "HAVE_FCHOWNAT" symbol to posix._have_functions. +Library +------- -- Issue #18368: PyOS_StdioReadline() no longer leaks memory when realloc() - fails. 
++- Issue #14984: On POSIX systems, when netrc is called without a filename ++ argument (and therefore is reading the user's $HOME/.netrc file), it now ++ enforces the same security rules as typical ftp clients: the .netrc file must ++ be owned by the user that owns the process and must not be readable by any ++ other user. + -- Issue #16741: Fix an error reporting in int(). +- Issue #18873: The tokenize module now detects Python source code encoding + only in comment lines. -- Issue #17899: Fix rare file descriptor leak in os.listdir(). +- Issue #17764: Enable http.server to bind to a user specified network + interface. Patch contributed by Malte Swart. -- Issue #18552: Check return value of PyArena_AddPyObject() in - obj2ast_object(). +- Issue #18937: Add an assertLogs() context manager to unittest.TestCase + to ensure that a block of code emits a message using the logging module. -- Issue #18560: Fix potential NULL pointer dereference in sum(). +- Issue #17324: Fix http.server's request handling case on trailing '/'. Patch + contributed by Vajrasky Kok. -- Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0], - prefix and exec_prefix if the operation system does not obey MAXPATHLEN. +- Issue #19018: The heapq.merge() function no longer suppresses IndexError + in the underlying iterables. -- Issue #18344: Fix potential ref-leaks in _bufferedreader_read_all(). +- Issue #18784: The uuid module no more attempts to load libc via ctypes.CDLL, + if all necessary functions are already found in libuuid. + Patch by Evgeny Sologubov. -- Issue #17872: Fix a segfault in marshal.load() when input stream returns - more bytes than requested. +- The :envvar:`PYTHONFAULTHANDLER` environment variable now only enables the + faulthandler module if the variable is non-empty. Same behaviour than other + variables like :envvar:`PYTHONDONTWRITEBYTECODE`. -- Issue #18426: Fix NULL pointer dereference in C extension import when - PyModule_GetDef() returns an error. 
+- Issue #1565525: New function ``traceback.clear_frames`` will clear + the local variables of all the stack frames referenced by a traceback + object. -- Issue #18328: Reorder ops in PyThreadState_Delete*() functions. Now the - tstate is first removed from TLS and then deallocated. -- Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise - OverflowError when an argument of %c format is out of range. +Tests +----- -- Issue #18137: Detect integer overflow on precision in float.__format__() - and complex.__format__(). +- Issue #18952: Fix regression in support data downloads introduced when + test.support was converted to a package. Regression noticed by Zachary + Ware. -- Issue #18183: Fix various unicode operations on strings with large unicode - codepoints. +IDLE +---- -- Issue #18180: Fix ref leak in _PyImport_GetDynLoadWindows(). +- Issue #18873: IDLE now detects Python source code encoding only in comment + lines. -- Issue #18038: SyntaxError raised during compilation sources with illegal - encoding now always contains an encoding name. +- Issue #18988: The "Tab" key now works when a word is already autocompleted. -- Issue #17644: Fix a crash in str.format when curly braces are used in square - brackets. +Documentation +------------- -- Issue #17983: Raise a SyntaxError for a ``global __class__`` statement in a - class body. +- Issue #17003: Unified the size argument names in the io module with common + practice. -- Issue #17927: Frame objects kept arguments alive if they had been copied into - a cell, even if the cell was cleared. +Tools/Demos +----------- -Library -------- +- Issue #18873: 2to3 and the findnocoding.py script now detect Python source + code encoding only in comment lines. 
-- Issue #14984: On POSIX systems, when netrc is called without a filename - argument (and therefore is reading the user's $HOME/.netrc file), it now - enforces the same security rules as typical ftp clients: the .netrc file must - be owned by the user that owns the process and must not be readable by any - other user. -- Issue #18873: The tokenize module now detects Python source code encoding - only in comment lines. +What's New in Python 3.4.0 Alpha 2? +=================================== -- Issue #17324: Fix http.server's request handling case on trailing '/'. Patch - contributed by Vajrasky Kok. +Release date: 2013-09-09 -- Issue #19018: The heapq.merge() function no longer suppresses IndexError - in the underlying iterables. +Core and Builtins +----------------- -- Issue #18784: The uuid module no more attempts to load libc via ctypes.CDLL, - if all necessary functions are already found in libuuid. - Patch by Evgeny Sologubov. +- Issue #18942: sys._debugmallocstats() output was damaged on Windows. + +- Issue #18571: Implementation of the PEP 446: file descriptors and file + handles are now created non-inheritable; add functions + os.get/set_inheritable(), os.get/set_handle_inheritable() and + socket.socket.get/set_inheritable(). + +- Issue #11619: The parser and the import machinery do not encode Unicode + filenames anymore on Windows. + +- Issue #18808: Non-daemon threads are now automatically joined when + a sub-interpreter is shutdown (it would previously dump a fatal error). + +- Remove supporting for compiling on systems without getcwd(). + +- Issue #18774: Remove last bits of GNU PTH thread code and thread_pth.h. + +- Issue #18771: Add optimization to set object lookups to reduce the cost + of hash collisions. The core idea is to inspect a second key/hash pair + for each cache line retrieved. 
+ +- Issue #16105: When a signal handler fails to write to the file descriptor + registered with ``signal.set_wakeup_fd()``, report an exception instead + of ignoring the error. + +- Issue #18722: Remove uses of the "register" keyword in C code. + +- Issue #18667: Add missing "HAVE_FCHOWNAT" symbol to posix._have_functions. + +- Issue #16499: Add command line option for isolated mode. + +- Issue #15301: Parsing fd, uid, and gid parameters for builtins + in Modules/posixmodule.c is now far more robust. + +- Issue #18368: PyOS_StdioReadline() no longer leaks memory when realloc() + fail. + +- Issue #17934: Add a clear() method to frame objects, to help clean up + expensive details (local variables) and break reference cycles. + +- Issue #18780: %-formatting codes %d, %i, and %u now treat int-subclasses + as int (displays value of int-subclass instead of str(int-subclass) ). + +Library +------- + +- Issue #18808: Thread.join() now waits for the underlying thread state to + be destroyed before returning. This prevents unpredictable aborts in + Py_EndInterpreter() when some non-daemon threads are still running. + +- Issue #18458: Prevent crashes with newer versions of libedit. Its readline + emulation has changed from 0-based indexing to 1-based like gnu readline. + +- Issue #18852: Handle case of ``readline.__doc__`` being ``None`` in the new + readline activation code in ``site.py``. - Issue #18672: Fixed format specifiers for Py_ssize_t in debugging output in the _sre module.
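Review bot: the merge resolution at the end of the Doc/library/netrc.rst hunk drops `.. versionchanged:: 3.3.3 Added the POSIX permission check.` in favour of `.. versionchanged:: 3.4 Added the POSIX permission check.`, yet the 3.3 parent documents the same check as shipping in 3.3.3; readers of the 3.4 docs will not learn that 3.3.3 also enforces it, so keep the 3.3.3 version in the directive (or list both) so it names the release the check first appeared in. The new paragraph would also read more directly as "parsing a file that contains passwords will raise ..." rather than "the presence of passwords ... will raise", and it could state outright what that wording only implies: a .netrc without passwords is still parsed even when its permissions are loose.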
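Review bot: the new Misc/NEWS entry for Issue #14984 in the second hunk says the .netrc file "must not be readable by any other user", while the documentation hunk says the check rejects a file "accessible for read or write by any other user"; align the two so the release note does not understate the rule, since by the documented wording a file that is group- or world-writable is rejected even when only the owner can read it. The entry is added only under "Library" in the 3.4.0a3 section, and the combined diff shows the same text being removed from the 3.3 parent's position; that is expected for a merge, but confirm the 3.3 branch's 3.3.3 section still carries it, since the doc hunk references that release.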