Check .netrc file permissions once per parse #139633

@cmaloney

Feature or enhancement

Proposal:

The netrc module, when parsing the default ".netrc" file, does a security check that the file is owned by the current user if the file contains non-anonymous logins. That check is currently run once per line which contains a user other than anonymous. That means that the module issues a stat + os.getuid + pwd.getpwuid per entry in the netrc to compare whether the overall file permissions match the current user.

Because the check is just checking file permissions against the current user, the same security would be provided by running the check once per netrc parse rather than once per entry.

I encountered this while debugging why a script was slow to start up for a user with a large .netrc, and discovered that requests defaults to parsing netrc when no authentication is explicitly provided and that was triggering this behavior.

Has this already been discussed elsewhere?

No response given

Links to previous discussion of this feature:

No response
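
A sketch of the once-per-parse shape proposed above, as an added example that is not CPython's `netrc` code and not part of the original issue. It assumes a POSIX system and a simplified one-entry-per-line format; `parse_logins`, `check_owner_and_mode`, `write_sample` and `InsecureNetrc` are hypothetical names, and the sample files are constructed.

```python
import os, stat, tempfile

class InsecureNetrc(Exception):
    pass

def check_owner_and_mode(fd):
    """One fstat + getuid: owned by us, no group/other access bits."""
    st = os.fstat(fd)
    if st.st_uid != os.getuid():
        raise InsecureNetrc("file is not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureNetrc("file is accessible to group or others")

def parse_logins(path, check=check_owner_and_mode):
    """Parse one-line 'machine H login U password P' entries.

    Returns (hosts, checks_run); the check runs at most once per parse,
    on the first non-anonymous login, since it concerns the whole file.
    """
    hosts, checks_run = {}, 0
    with open(path) as fp:
        for line in fp:
            tok = line.split()
            if len(tok) < 2 or tok[0] != "machine":
                continue
            fields = dict(zip(tok[2::2], tok[3::2]))
            login = fields.get("login")
            if login not in (None, "anonymous") and not checks_run:
                check(fp.fileno())
                checks_run = 1
            hosts[tok[1]] = (login, fields.get("password"))
    return hosts, checks_run

def write_sample(entries, login, mode):
    """Create a constructed netrc-style file with the given permission bits."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fp:
        for i in range(entries):
            fp.write(f"machine host{i}.example login {login} password pw{i}\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print(parse_logins(write_sample(500, "alice", 0o600))[1])      # 1 check, not 500
    print(parse_logins(write_sample(500, "anonymous", 0o644))[1])  # 0 checks
    try:
        parse_logins(write_sample(500, "alice", 0o644))
    except InsecureNetrc as exc:
        print("rejected:", exc)
```

A file with only anonymous logins is never checked, and a file with any other login is still rejected when its mode or owner is wrong, so the outcome is the same as checking on every entry.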

Labels: performance (Performance or resource usage), stdlib (Standard Library Python modules in the Lib/ directory), type-feature (A feature request or enhancement)