Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go/internal/auth: readNetrc: detect exposed .netrc files #38468

Open
masiulaniec opened this issue Apr 15, 2020 · 1 comment
Open

cmd/go/internal/auth: readNetrc: detect exposed .netrc files #38468

masiulaniec opened this issue Apr 15, 2020 · 1 comment
Labels
FeatureRequest NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. Security
Milestone
Unplanned

Comments

@masiulaniec
Copy link

It is a common practice for security-conscious code to return an error when a file holding secret material is not stored safely.

For example, you may have already encountered an ssh error saying a user's private key has unsafe mode. Similarly, the python netrc library throws an exception when file permissions aren't sufficiently narrow.

Go's internal readNetrc does not implement such a check as of 1.14.1.
@ALTree ALTree added FeatureRequest NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. labels Apr 15, 2020
@bcmills
Copy link
Contributor

bcmills commented Apr 16, 2020

@FiloSottile, @katiehockman: any opinions on this?

@seankhliao seankhliao added this to the Unplanned milestone Aug 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
FeatureRequest NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. Security
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
4 participants
@masiulaniec @ALTree @bcmills @seankhliao