Microsoft Patents sudo
Jimmy O Regan writes "Justin Mason (of SpamAssassin fame) has this blog entry: US Patent 6,775,781, filed by Microsoft, is a patent on the concept of 'a process configured to run under an administrative privilege level' which, based on authorization information 'in a data store', may perform actions at administrative privilege on behalf of a 'user process'."
Why do they even try? (Score:5, Informative)
So of course this is completely unenforceable... I wonder if they'll even try. What is the process to go about for getting this patent revoked?
A brief history of SUDO (Score:5, Informative)
In reading the patent, it does look pretty obvious that it's doing what SUDO is doing... I think this should be blown up with little effort.
Is there any penalty for filing patents for which you KNOW prior art exists? If not, there definitely should be.
Re:"in a data store" (Score:5, Informative)
Ritchie's setuid patent as prior art? (Score:5, Informative)
History of sudo. (Score:5, Informative)
Prior art.
Re:What Next? (Score:5, Informative)
The underlying premise of patents will no doubt survive, as it makes a lot of sense in some areas (like engineering). But software and business process patents will probably disappear.
Re:"in a data store" (Score:5, Informative)
#1 - To require the "root" password.
#2 - To require the password of the userid that the user is running as.
#4 - To require the password of the userid the user wishes to switch to.
#5 - To not require any password at all.
When not requiring a password, it can be configured by the userid, or the command that is being run.
All in all, it's very configurable, and definitely fits the prior art criteria.
Re:Setuid? (Score:4, Informative)
Re:Proof of concept? (Score:5, Informative)
Re:Su do me! (Score:5, Informative)
Ignorant people shouldn't yak. [eweek.com]
I don't think there's an out (Score:5, Informative)
But this time, it looks like they are doing exactly what sudo does. Maybe finally all the anti-Slashdot-stereotype trolls will be wrong.
Here's my read:
CLAIMS:
1. Processing a request from a non-admin user to do admin tasks. Check.
2. Determining if the user can do such a request. Check.
3. Checking a data source to do #2. Check. (etc/passwd, others)
4. Checking a data source to see which one of many admin tasks the user can do. This might be a bit iffy, because I'm not incredibly familiar with sudo. I would assume it's possible to restrict the usage of sudo for different tasks, and if so, Check.
5. Multiple users. Check.
6. Groups. Check.
7. Using it for Methods. I think the Linux kernel might allow only certain system calls to be done by an administrator. If so, check.
8. Groups for #7. Check-maybe.
9,10. Combining classes and methods. Here it seems they get really specific, and it doesn't look like they define "class" or "method." Maybe.
11-13. Passwords. Check.
14-23. A computer to do the above. Check.
24-34. A security framework to do the above. Check.
35-49. Doing it over a network. Check. Now, here, a network seems to involve "hyperlinked documents creating a user interface." Certainly this idea is older than 2000. Check.
50-62. Again, having a computer to do 1-49.
63-end. Yeesh. Having a computer to do everything from 1-62. I guess they are covering every single combination.
So there's the claims. There's nothing in there that sudo really doesn't do, because I think the vague language MS is using can be applied to a lot of different methods of unix-style security.
So who's going to care? No one, especially not at the Patent Office.
--Stephen
Re:Setuid? (Score:2, Informative)
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=P
Re:"in a data store" (Score:3, Informative)
Re:Su do me! (Score:1, Informative)
http://www.microsoft.com/mscorp/ip/tech/fat.asp
Re:A brief history of SUDO (Score:3, Informative)
In other news, sudo 1.6.8 was announced today... (Score:3, Informative)
Re:Why do they even try? (Score:3, Informative)
Duplicate the feature, release a product, wait for MS to sue you.
SCO's prior art (Score:3, Informative)
Of course, it's quite possible that the prior art involved is that of the programmers working on the original Xenix product for MS.
Ok, let's see what it actually says.... (Score:3, Informative)
Onto the description which is not as sound as commenting on the actual claims but at least provides an idea of what they want to patent. First thing to note is they are once again on the appliance angle. They aren't discussing a PC. They're discussing an XBox or NAS.
Now hitting the Detailed Description, here is where they slide in that the patent can cover general purpose PCs. Lots of discussion about Web-based administration. So it's not just sudo but Webmin+sudo.
If anyone wants to take this to the next level go for it. I did my best to RTFP and this is as far as I think I'm going to take it. It was kinda cute to note how general things were in the patent e.g. "data store" that can cover the registry or a text file but there are other things to read tonight.
Re:You know something... (Score:5, Informative)
nobody did [straightdope.com].
Re:Prior Art? (Score:5, Informative)
with something called "suw", basically a su command that allowed authorized individuals to have their own root password. the root login account itself had an unusable password.
each authorized user's suw password was of course kept in a "data store" (a private passwd style file) and logging of its usage was done to provide an audit trail.
this is at least 16 or more years old.
-k
Re:Why do they even try? (Score:3, Informative)
Re:maybe not so easy (Score:5, Informative)
The summary is mostly irrelevant as to what legal protection the patent has. The legal protection comes from the part marked "claims". And if you look at claim 1:
You need an "admin. security process" that is "executing ... under ... admin. priv. level".
It, the "admin. security process" then needs to "accept request[s] from a user process".
So, it's somewhat questionable if sudo would really block the claims. I'm sure if one were to send the patent office the sudo info, MS would argue that they have an "already running admin. process" that then actively accepts requests from other user processes.
In any case, everyone here who's uptight about the patent, there's at least two things you can do. 1) you can collect together all your sudo data, and optionally if you want explain how you think it describes a system that operates the same as the claimed system, and send it to the patent office to be placed into the legal record of this patent. That's the low cost (or maybe no cost, check the patent office web site for details) option available for you. Or, 2) you can collect together all your sudo data, and explain carefully how you think it describes what the claims describe, and file with the patent office for what is known as a reexamination of the patent. Yes, that's correct, you, someone unrelated to either MS or the patent office, or this patent, can actually send in your information and ask that the patent office reconsider their decision. Again, check the web site for details. So, instead of bellyaching about how bad a job the patent office is or is not doing, why not simply help them out by sending them the info you know about, and then they have a better chance of doing a better job. And who knows, you might actually get this patent killed in the process.
Re:A brief history of SUDO (Score:3, Informative)
Similarly, Microsoft has a patent on a slightly different implementation of setuid.
Oh, wait... This is Microsoft, and therefore evil.
Re:Quick! Send in your prior art! (Score:3, Informative)
Re:Setuid? (Score:4, Informative)
It certainly does. It verifies that the parent's uid has valid execute permission on the new program by comparing the owner and the x bits. This information is stored in the inode, which is in a filesystem (usually but not always a disk). A unix filesystem would certainly qualify as a "data store".
So unix systems have two different instances of prior art, the setuid (and setgid) bit, and the somewhat later sudo command.
Of course, the main question is whether anyone will be able to afford the effort to get this patent invalidated. Or will Microsoft be able to bankrupt anyone who tries?
I suppose IBM could decide that this is a challenge to the security setup in their aix and linux systems. They probably have the money to successfully fight this one. I don't think I do.
Re:A brief history of SUDO (Score:1, Informative)
Before sudo, I would run commands like that:
su -c "mount /dev/hda2 /mnt2"
assume everything already patented (Score:3, Informative)
[tim bray]
must make a mention of Tim Bray's article on software patents that I've recycled [slashdot.org] from a while ago.
Re:A brief history of SUDO (Score:3, Informative)
One might examine, for example, patent 494,622 or patent 371,390 - both patents issued for paperclips, issued in 2004 and 1996, respectively.
Those are design patents, not invention patents.
For example--no one can patent the fork because it's obvious and it's prior art, etc etc. But, you can design a fork that looks prettier than other forks, and get a design patent for that.
As a very rough metaphor, think of a design patent as more like a 3-D copyright.
It has no bearing at all on what's being discussed here.
Re:Prior Art? (Score:5, Informative)
The USPO is a laughing stock (Score:4, Informative)
Those are 'prior art' pictures, to show contrast (Score:3, Informative)
Listen, I hate MS as much as the next guy -- but did you read the rest of the patent? In the "BRIEF DESCRIPTION OF THE DRAWINGS" section, it reads:
[0013] FIG. 1A [referring to the KDE front panel] is a pictorial diagram illustrating a desktop of a graphical user interface according to the prior art.
[0014] FIG. 1B [referring to the Gnome front panel] is a pictorial diagram illustrating one implementation of a panel containing a desk guide used to switch among multiple virtual desktop according to the prior art.
In the "BACKGROUND OF THE INVENTION" section, it points out that in KDE, the pager doesn't show you the pictures of the desktops: "As more and more application windows 102 are dispersed throughout these virtual desktops, it may be difficult for a user to remember which desktop contains which application window." You have to click on each desktop until you find it.
For the GNOME pager, it says that "running application windows appear as small, raised squares... it is still not possible for a user to determine from these small raised squares the desired application window for which he may be looking"
The patent is apparently for MS's improvement of the concept by actually showing small recognizable representations of each desktop in a "preview" pane that shows all the desktops, and for being able to transfer application windows from a different virtual desktop to the current one, without actually bringing up the other desktop.
Ok,
Re:maybe not so easy (Score:1, Informative)
OK, so they didn't patent sudo. They patented xinetd. Either way, it's a stupid patent. One of the big problems with the USPTO is that (IIRC) it is funded by the patent fees it collects from applicants. Therefore, it is in their interest to grant patents -- no matter how stupid -- because more applications means more money for them. Maybe if they had to return the fees if a patent is overturned, they wouldn't have such a "shoot first and let God sort 'em out" attitude.
Re:Prior Art? (Score:2, Informative)
It's a good point you make.