unix quirks (chmod 000 dir)
Thomas M. Breuel
tmb at talcott.UUCP
Fri Apr 19 16:25:03 AEST 1985
> have permissions is "Permission denied" instead of "no such file or
> directory". In fact, while this may be clearer to the user, it falls in the
> same general category as not using "Incorrect password" or "Incorrect
> username" for failed logins. You never want to tell a potential intruder or
> unauthorized user any information which can be used to infer the existence
> or nonexistence of a protected object.
That's hardly an argument. A simple 'ls -l' will reveal the whole truth
to the 'intruder'. I suspect that someone was lazy when writing the code
and inferred from an error return code from 'chdir' that the target does
not exist.
Thomas.
More information about the Comp.unix.wizards
mailing list