Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site leadsv.UUCP
Path: utzoo!linus!philabs!prls!amdimage!amdcad!cae780!leadsv!mfe
From: mfe@leadsv.UUCP (Mark Ellson)
Newsgroups: net.unix-wizards
Subject: Re: unix quirks (chmod 000 dir)
Message-ID: <413@leadsv.UUCP>
Date: Mon, 15-Apr-85 22:28:54 EST
Article-I.D.: leadsv.413
Posted: Mon Apr 15 22:28:54 1985
Date-Received: Sat, 20-Apr-85 06:50:35 EST
References: <9938@brl-tgr.ARPA>
Organization: LMSC-LEADS, Sunnyvale, Ca.
Lines: 16

In his article, ucscc!argv (Dan Heller) argues that the appropriate error
message when you try to change directory into a directory for which you don't
have permissions is "Permission denied" instead of "no such file or
directory".  In fact, while this may be clearer to the user, it falls in the
same general category as not using "Incorrect password" or "Incorrect
username" for failed logins.  You never want to tell a potential intruder or
unauthorized user any information which can be used to infer the existence
or nonexistence of a protected object.

A possible exception to this rule might be if the software is smart
enough to check the ownership of the directory, and then generate the
appropriate error message based upon whether or not you are the owner of
that directory.

					Mark Ellson
					{amdcad!cae780, sun!sunncal}!leadsv!mfe