Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go/internal/auth: readNetrc: detect exposed .netrc files #38468

Open
masiulaniec opened this issue Apr 15, 2020 · 1 comment
Open

cmd/go/internal/auth: readNetrc: detect exposed .netrc files #38468

masiulaniec opened this issue Apr 15, 2020 · 1 comment

Comments

@masiulaniec
Copy link

@masiulaniec masiulaniec commented Apr 15, 2020

It is a common practice for security-conscious code to return an error when a file holding secret material is not stored safely.

For example, you may have already encountered an ssh error saying a user's private key has unsafe mode. Similarly, the python netrc library throws an exception when file permissions aren't sufficiently narrow.

Go's internal readNetrc does not implement such a check as of 1.14.1.

@bcmills
Copy link
Member

@bcmills bcmills commented Apr 16, 2020

@FiloSottile, @katiehockman: any opinions on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.