unix quirks (chmod 000 dir)
Mark Ellson
mfe at leadsv.UUCP
Tue Apr 16 13:28:54 AEST 1985
In his article, ucscc!argv (Dan Heller) argues that the appropriate error
message when you try to change directory into a directory for which you don't
have permissions is "Permission denied" instead of "no such file or
directory". In fact, while this may be clearer to the user, it falls in the
same general category as not using "Incorrect password" or "Incorrect
username" for failed logins. You never want to tell a potential intruder or
unauthorized user any information which can be used to infer the existence
or nonexistence of a protected object.
A possible exception to this rule might be if the software is smart
enough to check the ownership of the directory, and then generate the
appropriate error message based upon whether or not you are the owner of
that directory.
Mark Ellson
{amdcad!cae780, sun!sunncal}!leadsv!mfe
More information about the Comp.unix.wizards
mailing list