Title: Check `.netrc` file permissions once per parse · Issue #139633 · python/cpython · GitHub
Open Graph Title: Check `.netrc` file permissions once per parse · Issue #139633 · python/cpython
X Title: Check `.netrc` file permissions once per parse · Issue #139633 · python/cpython
Description: Feature or enhancement Proposal: The netrc module, when parsing the default ".netrc" file, does a security check that the file is owned by the current user if the file contains non-anonymous logins. That check is currently run once per l...
Open Graph Description: Feature or enhancement Proposal: The netrc module, when parsing the default ".netrc" file, does a security check that the file is owned by the current user if the file contains non-anonymous logins...
X Description: Feature or enhancement Proposal: The netrc module, when parsing the default ".netrc" file, does a security check that the file is owned by the current user if the file contains non-anonym...
Opengraph URL: https://github.com/python/cpython/issues/139633
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Check `.netrc` file permissions once per parse","articleBody":"# Feature or enhancement\n\n### Proposal:\n\nThe `netrc` module, when parsing the default \".netrc\" file, does a security check that the file is owned by the current user if the file contains non-anonymous logins. That check is currently run once per line which contains a user other than `anonymous`. That means that the module issues a `stat` + `os.getuid` + `pwd.getpwuid` per entry in the `netrc` to compare whether the overall file permissions match the current user.\n\nBecause the check is just checking file permissions against the current user the same security would be provided by running the check once per `netrc` parse rather than once per entry.\n\nI encountered this debugging why a script was slow to startup for a user with a large `.netrc` and discovered [`requests` defaults to parsing netrc](https://docs.python-requests.org/en/latest/user/authentication/#netrc-authentication) when no authentication is explicitly provided and that was triggering this behavior.\n\n\n### Has this already been discussed elsewhere?\n\nNo response given\n\n### Links to previous discussion of this feature:\n\n_No response_\n\n\u003c!-- gh-linked-prs --\u003e\n### Linked PRs\n* gh-139634\n\u003c!-- /gh-linked-prs --\u003e\n","author":{"url":"https://github.com/cmaloney","@type":"Person","name":"cmaloney"},"datePublished":"2025-10-05T22:04:03.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/139633/cpython/issues/139633"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:7d3d80c2-5c34-4684-3325-071c1c97ed99 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | D5A2:1B445F:5B75D53:8135258:6A502139 |
| html-safe-nonce | eba1409664a1de5c9e162181dae3b95ff12ad522f80f6f831c4f0a1d38c57741 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJENUEyOjFCNDQ1Rjo1Qjc1RDUzOjgxMzUyNTg6NkE1MDIxMzkiLCJ2aXNpdG9yX2lkIjoiODczMTEyMTAwMDcxMDY3Njc5MyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | f5b0126d2fc700e9a8106fae65b130a9055db357ca49fc783df3ae3f9621b0cf |
| hovercard-subject-tag | issue:3485209264 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/python/cpython/139633/issue_layout |
| twitter:image | https://opengraph.githubassets.com/d19889818021f775a924d3e2e5b9c4906f922a27c659bec368af6b6d1bc90f25/python/cpython/issues/139633 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/d19889818021f775a924d3e2e5b9c4906f922a27c659bec368af6b6d1bc90f25/python/cpython/issues/139633 |
| og:image:alt | Feature or enhancement Proposal: The netrc module, when parsing the default ".netrc" file, does a security check that the file is owned by the current user if the file contains non-anonymous logins... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | cmaloney |
| hostname | github.com |
| expected-hostname | github.com |
| None | a08040246389072795e3b4e7b33c6d9a0c564eee02e829a809326d67c418b069 |
| turbo-cache-control | no-preview |
| go-import | github.com/python/cpython git https://github.com/python/cpython.git |
| octolytics-dimension-user_id | 1525981 |
| octolytics-dimension-user_login | python |
| octolytics-dimension-repository_id | 81598961 |
| octolytics-dimension-repository_nwo | python/cpython |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 81598961 |
| octolytics-dimension-repository_network_root_nwo | python/cpython |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | d1b91b18e7330fc458dfd824c61eaed7daa830d6 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width