unix quirks (chmod 000 dir)
David Sherman
dave at lsuc.UUCP
Tue Apr 23 06:44:08 AEST 1985
In article <413 at leadsv.UUCP> mfe at leadsv.UUCP (Mark Ellson) writes:
||In his article, ucscc!argv (Dan Heller) argues that the appropriate error
||message when you try to change directory into a directory for which you don't
||have permissions is "Permission denied" instead of "no such file or
||directory". In fact, while this may be clearer to the user, it falls in the
||same general category as not using "Incorrect password" or "Incorrect
||username" for failed logins. You never want to tell a potential intruder or
||unauthorized user any information which can be used to infer the existence
||or nonexistence of a protected object.
||
||A possible exception to this rule might be if the software is smart
||enough to check the ownership of the directory, and then generate the
||appropriate error message based upon whether or not you are the owner of
||that directory.
Not really. The test of who's allowed to know the directory
exists is really "who has read permission on the parent directory".
In most UNIX applications, a protected directory that someone
is trying to cd to can be found to exist, even if its execute bit
is off. The error message really should be "Permission denied".
Dave Sherman
The Law Society of Upper Canada
Toronto
--
{utzoo pesnta nrcaero utcs hcr}!lsuc!dave
{allegra decvax ihnp4 linus}!utcsri!lsuc!dave
More information about the Comp.unix.wizards
mailing list