Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Microsoft Patents sudo

Posted by michael on Fri Aug 20, 2004 09:00 PM
from the you're-just-mad-you-didn't-think-of-it-first dept.
Patents Security
Jimmy O Regan writes "Justin Mason (of SpamAssassin fame) has this blog entry: US Patent 6,775,781, filed by Microsoft, is a patent on the concept of 'a process configured to run under an administrative privilege level' which, based on authorization information 'in a data store', may perform actions at administrative privilege on behalf of a 'user process'."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Microsoft Patents sudo 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Prior Art? (Score:5, Interesting)

    by aweraw (557447) * on Friday August 20 2004, @09:01PM (#10029673) Homepage Journal
    So, I guess the prior art will be easy to show... right?

    • Re:Prior Art? (Score:5, Insightful)

      by Anonymous Coward on Friday August 20 2004, @09:04PM (#10029690)
      Sure, if you have the USD500,000 to field the court case. Most people cave first.

    • Re:Prior Art? (Score:5, Funny)

      by cbr2702 (750255) on Friday August 20 2004, @09:04PM (#10029693) Homepage
      How? Everyone knows those Open Sores hippies stole everything anyways.

    • Not really a patent (Score:5, Funny)

      by commodoresloat (172735) on Friday August 20 2004, @09:23PM (#10029804) Homepage
      It's a pseudo-patent.

      thanks, I'll be here all week....

    • Re:Prior Art? (Score:5, Insightful)

      by hardcode57 (734460) on Friday August 20 2004, @10:22PM (#10030106) Journal
      Who needs to prove prior art? Obviousness is also an impediment to a patent. Even if the existing prior art cited here doesn't quite match, the reaction of everyone on this page is that there must be some that does: a fairly good indication that practitioners versed in the art regard the idea as obvious.

    • Re:Prior Art? (Score:5, Informative)

      by mr_walrus (410770) on Friday August 20 2004, @10:27PM (#10030142)
      the University of Waterloo had a similar concept
      with something called "suw"

      basically a su command that allowed authorized individuals to have
      their own root password. the root login account
      itself had unusable password.

      each authorized users suw password was of course kept in
      a "data store" (a private passwd style file)
      and logging of its usage was done to provide an audit
      trail.

      this is at least 16 or more years old.

      -k

      • Re:Prior Art? (Score:5, Insightful)

        by NanoGator (522640) on Friday August 20 2004, @09:52PM (#10029973) Homepage Journal
        "Why would they patent something which has been around for years in the competition's OS? There's no way they can actually patent sudo...not on my watch."

        They can patent it just fine, all the USPTO has to do is not notice the similarity. It's when they get to court with somebody about it that the problem actually exists.

        I had to sound like an arrogant ass here, but maybe you should go work for the Patent Office? Not because it'd teach you a lesson, but because it is pretty clear that whoever approves these doesn't understand the area they're in. I mean, look how technical the patent is. Either the patent office picked up on a subtle nuance that makes it different from *nux, or they just didn't connect it with something it does already.

      • Re:maybe not so easy (Score:5, Informative)

        by Anonymous Coward on Friday August 20 2004, @11:00PM (#10030291)
        If the summary is correct, sudo doesn't count.

        The summary is mostly irrelivant as to what legal protection the patent has. The legal protection comes from the part marked "claims". And if you look at claim 1:

        executing an administrative security process under the administrative privilege level;

        the administrative security process accepting a request from a user process executing under the non-administrative privilege level

        You need an "admin. security process" that is "executing ... under ... admin. priv. level".

        It, the "admin. security process" then needs to "accept request[s] from a user process".

        So, it's somewhat questionable if sudo would really block the claims. I'm sure if one were to send the patent office the sudo info, MS would argue that they have an "already running admin. process" that then actively accepts requests from other user processes.

        In any case, everyone here who's uptight about the patent, there's at least two things you can do. 1) you can collect together all your sudo data, and optionally if you want explain how you think it describes a system that operates the same as the claimed system, and send it to the patent office to be placed into the legal record of this patent. That's the low cost (or maybe no cost, check the patent office web site for details) option available for you. Or, 2) you can collect together all your sudo data, and explain carefully how you think it describes what the claims describe, and file with the patent office for what is known as a reexamination of the patent. Yes, that's correct, you, someone unrelated to either MS or the patent office, or this patent, can actually send in your information and ask that the patent office reconsider their decision. Again, check the web site for details. So, instead of belly aching about how bad a job the patent office is or is not doing, why not simply help them out by sending them the info you know about, and then they have a better chance of doing a better job. And who knows, you might actually get this patent killed in the process.

  • Oh, yeah (Score:5, Funny)

    by brilinux (255400) <kg4qxkNO@SPAMarrl.net> on Friday August 20 2004, @09:02PM (#10029680) Homepage Journal
    So SU me!

    Probably redundant by now.

  • Why do they even try? (Score:5, Informative)

    by halo1982 (679554) * on Friday August 20 2004, @09:03PM (#10029687) Homepage Journal
    A computer such as a network appliance executes an administrative security process configured to run under an administrative privilege level. Having an administrative privilege level, the administrative security process can initiate administrative functions in an operating system function library. A user process executing under a non-administrative privilege level can initiate a particular administrative function that the process would not otherwise be able to initiate by requesting that the administrative security process initiate the function. In response to a request to initiate a particular function from a process with a non-administrative privilege level, the administrative security process determines whether the requesting process is authorized to initiate the particular administrative function based on information accessed in a data store. If the requesting process is authorized, the administrative security process initiates the particular administrative function. In this manner, the administrative security process facilitates access to specific administrative functions for a user process having a privilege level that does not permit the user process to access the administrative functions.

    So of course this is completely unenforcable...I wonder if they'll even try. What is the process to go about for getting this patent revoked?

    • Re:Why do they even try? (Score:5, Insightful)

      by LostCluster (625375) * on Friday August 20 2004, @09:08PM (#10029719) Homepage
      That seems setup makes sense under Windows, but seems utterly useless under any Unix variant. It's almost as if Microsoft is defensively patenting just to make sure nobody else weasels in and trys to cut them off from a concept they want to use.

    • Re:Why do they even try? (Score:5, Insightful)

      by WindBourne (631190) on Friday August 20 2004, @09:46PM (#10029933) Journal
      So of course this is completely unenforcable...I wonder if they'll even try. What is the process to go about for getting this patent revoked?

      This is not about being unenforcable. This is about having a HUGE cabinet of patents that you can throw at whoever and use to stop them. Now, many of MS's patents are nothing but rip offs. But, if you were hit with more than 1000 patents, just the reading and understanding of them could take a year or two.

      Very scarey

  • Quick! Send in your prior art! (Score:5, Funny)

    by non-registered (639880) on Friday August 20 2004, @09:06PM (#10029704) Homepage
    man sudo >/dev/uspto

  • Setuid? (Score:5, Insightful)

    by chrispyman (710460) on Friday August 20 2004, @09:06PM (#10029708)
    Wouldn't this patent also cover setuid, as that's a way you can have an app run under superuser privs for a regular user?

  • Proof of concept? (Score:5, Interesting)

    by Penguinoflight (517245) on Friday August 20 2004, @09:06PM (#10029710) Homepage Journal
    I don't think I've seen a true unprivileged user under an M$ system yet. Everyone is talking about previous art, which is definitly around, but I'd say make M$ prove they actually understand sudo before you start complaining about "I saw it first."

    • Re:Proof of concept? (Score:5, Interesting)

      by horatio (127595) on Friday August 20 2004, @09:29PM (#10029841)
      I agree. I also have to agree with an earlier post which mentioned punishing those who patent what they know already has prior art.

      Problem is, I have seen this unprivileged user, and its broken. A few years ago we split our NT accounts in the IT office I worked in into 'priv' and 'non-priv' accounts for each of us. Previously, our typical logins had all the admin privs to do whatever we needed on the workstation.

      The plan was that we could use the win2k/xp version of 'su' (whatever it is called, I don't remember) to do things that needed elevated privs. IT DIDN'T WORK. Some of the child processes, for example, of burning a CD would spawn as your unprivileged context - meaning you couldn't burn a damn CD. You had to log out, and log back in with your priv account for a simple task like burning a CD.

      I think its great how Microsoft steals ideas from other people (*cough*NIX), comes up with a totally frelled implementation that many times doesn't work - and then A) breaks the existing standards, B) goes off and patents the idea as their own or C) both

      Perhaps Microsoft's division which is doing all this should simply be retitled "Patent Whores"

    • Re:Proof of concept? (Score:5, Informative)

      by Bryan_W (649785) on Friday August 20 2004, @09:32PM (#10029859) Journal
      I know you were trying to be funny but seriously, it is a feature of Windows 2000/XP all you have to do is shift + right click any executable and select "Run as..." or use the runas command from the command prompt. Sorry but I had to be fair to Microsoft.

  • A brief history of SUDO (Score:5, Informative)

    by tao_of_biology (666898) <tao@of@biology.gmail@com> on Friday August 20 2004, @09:07PM (#10029717)
    So, the patent is filed for August 10th, 2004... I checked out the history of SUDO page at: http://www.courtesan.com/sudo/history.html [courtesan.com] and it looks like SUDO dates back to 1980.

    In reading the patent, it does look pretty obvious that it's doing what SUDO is doing... I think this should be blown up with little effort.

    Is there any penalty for filing patents for which you KNOW prior art exists? If not, there definitely should be.

    • Re:A brief history of SUDO (Score:5, Interesting)

      by Flower (31351) on Friday August 20 2004, @09:34PM (#10029865) Homepage
      Bruce Perens brought this up in a previous patent article and I can't find the post atm. IIRC, it's a criminal offense to knowingly file a false patent. I would assume it falls under perjury. Of course, you don't see anybody actually being prosecuted for this.

  • What Next? (Score:5, Funny)

    by Kandel (624601) on Friday August 20 2004, @09:07PM (#10029718) Journal
    US Patent 6,775,786 : Filed by Microsoft : The concept of clicking a mouse button to perform a task.
    Closely followed by...
    US Patent 6,775,787 : Filed by Microsoft : The concept of intercourse to procreate.

    Seriously, what is the world coming to. Corporates such as Microsoft should not be allowed to patent bogus things like this.
    This is truly Capitalism at it's worst...what power have the US given these people!?

    • Re:What Next? (Score:5, Informative)

      by Mark_MF-WN (678030) on Friday August 20 2004, @09:11PM (#10029733)
      This just hastens the end of the patent system. Seriously -- the American patent system is going to fall apart soon, and things like this are the reason.

      The underlying premise of patents will no doubt survive, as it makes a lot of sense in some areas (like engineering). But software and business process patents will probably disappear.

  • Ritchie's setuid patent at prior art? (Score:5, Informative)

    by GGardner (97375) on Friday August 20 2004, @09:09PM (#10029727)
    I can see missing prior work as prior art. But missing the famous setuid patent [uspto.gov] seems just silly.

  • History of sudo. (Score:5, Informative)

    by Skulker303 (11304) on Friday August 20 2004, @09:10PM (#10029728)
    http://www.sudo.ws/sudo/history.html

    Prior art.

  • Thats it. (Score:5, Funny)

    by 0racle (667029) on Friday August 20 2004, @09:11PM (#10029735)
    I'm not going to put it off anymore, I have an amazing idea and I'm off to patent it. Its a web based front end for system updates, see, it scans the system to determine what updates are needed, then only presents them to the user in such a way that they can see what updates are critical and which are just general enhancements. I'm going to make a mint.

  • not really Prior Art, but (Score:5, Funny)

    by hndrcks (39873) on Friday August 20 2004, @09:19PM (#10029778) Homepage
    " the concept of 'a process configured to run under an administrative privilege level' which, based on authorization information 'in a data store', may perform actions at administrative privilege on behalf of a 'user process'."

    Hell, that sounds like Klez! [symantec.com]

  • You know something... (Score:5, Interesting)

    by neiras (723124) on Friday August 20 2004, @09:20PM (#10029782)
    The American patent system is so out of control, it's unbelievable. The companies that abuse the overworked, underqualified patent office to stack up dubious patents for future ammunition against competitors ought to be sanctioned!

    I don't have words to express how angry this IP grab makes me - and I'm not even an American! Did the Patent Office do any looking into prior art in this case at ALL?

    Whose brilliant idea was it to give corporations the same legal rights as an individual? I wonder if this kind of crap would happen if only individual inventors could apply for patents, whether or not they were funded by a company that paid for their research. Hell, make it illegal for companies to defend patents or fund the defense of their employees' patents - make it up to the inventor to go to court and defend themselves! Jail time if prior art is found!

    Research would still get funded, but only for the purpose of improving products, not for expansion of intellectual property portfolios.

    IANAL (obviously), I know these are probably stupid suggestions, but damn it, we need some extreme methods to match the extreme opportunism shown by these companies. Anyone else have other pie-in-the-sky, impractical ideas for changing the US patent system? ;)

  • This is getting ridiculous (Score:5, Interesting)

    by Mr. Cancelled (572486) on Friday August 20 2004, @09:20PM (#10029787)
    Companies are getting rich by stealing the future inventions of people with these generic fucking patents. What are the odds that those who invented the patenting process actually envisioned it being twisted around and allowing people to patent ideas, and concepts, the like of which they themselves have no idea how to achieve.

    The idea of a patent is, or at least should be, to patent an invention. Not some task or distant goal which you can imagine some day being achieved, but are unable to currently achieve yourself.

    Imagine if Ford had been able to patent the automile in generic enough terms so that any motorized land vehicle was covered... Where would we be today Wine makers had patented the fermentation process before beer had existed?

    IMHO, patents should be for very specific inventions, and processes, which you have invented, and can accurately demonstrate at the time of patent request, and which of course didn't exist in it's current form prior to your invention

    The computer industry, and it's money sucking lawyers have been allowed to chisel away at the wording and verbiage of the patent laws to such an extent that you are now able to patent just about any idea/concept someone may have down the road. Just think about the stifling of innovation if those science fiction writers of the 50's had patented all that they foresaw.

    What makes me mad is that no one has yet come forward and shown prior artwork for a patent on lawyer wielding companies who make their money by exploiting the ideas and innovations of others through a series of generic and vaguely worded patents and threats. Perhaps then this whole mess would disapear.

    • Re:This is getting ridiculous (Score:5, Insightful)

      by whovian (107062) on Friday August 20 2004, @09:48PM (#10029949)
      Companies are getting rich by stealing the future inventions of people with these generic fucking patents.

      I think many people have speculated this for a while: a business world governed by patents and licensing where individual incentive to create is effectively unlawful.

      This is why I think it's important to support open source, the GPL, and open scientific research.

  • Exploits. (Score:5, Funny)

    by Daleks (226923) on Friday August 20 2004, @09:24PM (#10029815)
    I think MS has prior art on this one. Their programs have been executing at a higher than normal privilage level for awhile.

  • My Theory (Score:5, Interesting)

    by TheSpoom (715771) * <slashdot@ u b e r m 0 0 . n et> on Friday August 20 2004, @09:30PM (#10029851) Homepage Journal
    My theory is that Microsoft is patenting all these things so they can use it as part of a marketing campaign to PHBs when Longhorn comes out. Something to the effect of, "Why take the risk of running Linux when we own the patents on everything they use?" I know a few people it would convince pretty easily... Tis all FUD.

  • Patent Sex (Score:5, Funny)

    by suwain_2 (260792) on Friday August 20 2004, @09:33PM (#10029862) Journal
    A friend and I resolved a while back that we should file a patent for A protocol for expansion of the human race, and essentially describe the process of sexual intercourse in extremely vague terms.

    After taking over all the porn sites in the world, we could start suing parents across the nation.

    In fact, you should really just give me $699 today if you plan on having sex any time soon. The license is good for a whole year! (But only for one partner.)

  • Gnome Pager - patented by Microsoft (Score:5, Interesting)

    by iive (721743) on Friday August 20 2004, @09:33PM (#10029864)
    It's an old news, but I wonder have slashdot crowd found out this patent:

    http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=P TO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch- bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=200301895 97&OS=20030189597&RS=20030189597 [uspto.gov]

    The most interesting part is the images. There you can actually see the Gnome logo. (There is an extra karma bunus for the first who find the KDE logo;)


    So Microsoft have already begun patenting Linux.
    It is true that M$ cannot buy GPL code, but it can buy the coders.

    Now, guess what will happen after the fiaSCO is over.
  • I don't think there's an out this time. Usually, when you get posts saying "Microsoft patents clicking!!" there's usually something in the patent that says "clicking on an icon by using a joystick, underwater, over the internet" or something ridiculous that means the patent doesn't have prior art, but the idea itself does, and will probably be used to try and stretch the patent as far as the courts will let it.

    But this time, it looks like they are doing exactly what sudoes. Maybe finally all the anti-Slashdot-stereotype trolls will be wrong.
    Here's my read:

    CLAIMS:

    1. Processing a request from a non-admin user to do admin tasks. check.
    2. Determining if the user can do such a request. Check.
    3. Checking a data source to do #2. Check. (etc/passwd, others)
    4. Checking a data source to see which one of many admin tasks the user can do. This might be a bit iffy, because I'm not incredibly familiar with sudo. I would assume it's possible to restrict the usage of sudo for different tasks, and if so, Check.
    5. Multiple users. Check.
    6. Groups. Check.
    7. Using it for Methods. I think the Linux kernel might allow only certain system calls to be done by an administrator. If so, check.
    8. Groups for #7. Check-maybe.
    9,10. Combining classes and methods. Here it seems they get really specific, and it doesn't look like they define "class" or "method." Maybe.
    11-13. Passwords. Check.
    14-23. A computer to do the above. Check.
    24-34. A security framework to do the above. Check.
    35-49. Doing it over a network. Check. Now, here, a network seems to involve "hyperlinked documents creating a user interface." Certainly this idea is older than 2000. Check.
    50-62. Again, having a computer to do 1-49.
    63-end. Yeesh. Having a computer to do everything from 1-62. I guess they are covering every single combination.

    So there's the claims. There's nothing in there that sudo really doesn't do, because I think the vauge language MS is using can be applied to a lot of different methods of unix-style security.

    So who's going to care? No one, especially not at the Patent Office.

    --Stephen
    • No, sudo asks for the password of the currently running user, and then if correct, checks a data store - /etc/sudoers - to see if that user is allowed to use sudo, and only then runs the administrative command. The root logon is not involved; it's actually disabled on some of my boxes.

    • Re:"in a data store" (Score:5, Informative)

      by GuyverDH (232921) on Friday August 20 2004, @09:22PM (#10029797)
      sudo - through the use of it's data-store the "sudoers" file, can be configured multiple ways.

      #1 - To require the "root" password.
      #2 - To require the password of the userid that the user is running as.
      #4 - To require the password of the userid the user wishes to switch to.
      #5 - To not require any password at all.

      When not requiring a password, it can be configured by the userid, or the command that is being run.

      All in all, it's very configurable, and definately fits the prior art criteria.
    • I get the feeling more and more that Microsoft is doing something like this:

      Manager 1: Wow! They accepted that patent! The USPTO is crazy! Even with a year or so of prior art!

      Manager 2: Yeah, no kidding!

      Manager 1: Let's try this one next. It's got 3 years prior art.

      Manager 2: Wow! They accepted that one too! What morons!

      Manager 1: Man...let's see just how crazy we can get here...let's go with 20 years prior art, and see if the dopes accept it!

      Manager 2: LOL HAHA ROFLMAO! They took it! What planet do these guys live on?!?!

      • More like this:

        M1: Alright, pay up.

        M2: I can't believe this. (pays)

        M3: Hey guys, 3 to 1 odds I don't get the patent on the 'long rectangular button which inserts a space character when pressed'. Who's in?

        M1: $50 you don't get it.

        M2: $200 for.

      • Re:perhaps my evil genius hat isn't working (Score:5, Funny)

        by Anonymous Coward on Friday August 20 2004, @10:19PM (#10030097)
        Microsoft: hello I want to fill a patent request...

        Patent office employee: ok, granted!

        Microsoft: ...but don't you first want to...

        Patent office employee: NO NO NO I said granted!!

        Microsoft: ...well but there's this thing called prior...

        Patent office employee: I SAID GRANTED!!

        Microsoft: yeah but there was another pate...

        Patent oggice employee: KNOCK IT OFF ALREADY!!! GRANTED YOU BIG-POCKET COMPANY!!!
    • A patent on $ or # as a prompt?

      It would probably read more like:

      An indication by which a computer system indicates that it is ready for arbitrary input from the user.

      But specifically, they'd be patenting C:\> .

    • Re:Claim seems valid (Score:5, Interesting)

      by sploo22 (748838) <dwahler@gmai l . com> on Friday August 20 2004, @10:54PM (#10030265)
      I can certainly see how this could apply to sudo.

      executing an administrative security process under the administrative privilege level;

      bash forks/execs the sudo process, which gains root privileges through the setuid bit.

      the administrative security process accepting a request from a user process executing under the non-administrative privilege level to initiate a particular administrative method

      The request is passed on the command line and accepted by sudo.

      the user process calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method; and

      Now, this depends on your definition of a method. If an executable program counts as one - and it should, as most administrative tasks under UNIX use separate commands - then this fits perfectly.

      the administrative security process calling the identified particular administrative method on behalf of the user process and providing the arguments to said identified particular administrative method.

      Sudo execs the requested program. QED.

      The thing is, the patent doesn't specifically say the privileged process has to handle multiple requests. Sudo DOES run in its own process before it transfers control.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.