Microsoft Patents sudo 663
Jimmy O Regan writes "Justin Mason (of SpamAssassin fame) has this blog entry: US Patent 6,775,781, filed by Microsoft, is a patent on the concept of 'a process configured to run under an administrative privilege level' which, based on authorization information 'in a data store', may perform actions at administrative privilege on behalf of a 'user process'."
Prior Art? (Score:5, Interesting)
Proof of concept? (Score:5, Interesting)
More silly M$ian legal-sleeze? (Score:2, Interesting)
Guys with a boner for dress socks... (Score:3, Interesting)
You know something... (Score:5, Interesting)
I don't have words to express how angry this IP grab makes me - and I'm not even an American! Did the Patent Office do any looking into prior art in this case at ALL?
Whose brilliant idea was it to give corporations the same legal rights as an individual? I wonder if this kind of crap would happen if only individual inventors could apply for patents, whether or not they were funded by a company that paid for their research. Hell, make it illegal for companies to defend patents or fund the defense of their employees' patents - make it up to the inventor to go to court and defend themselves! Jail time if prior art is found!
Research would still get funded, but only for the purpose of improving products, not for expansion of intellectual property portfolios.
IANAL (obviously), I know these are probably stupid suggestions, but damn it, we need some extreme methods to match the extreme opportunism shown by these companies. Anyone else have other pie-in-the-sky, impractical ideas for changing the US patent system?
This is getting ridiculous (Score:5, Interesting)
The idea of a patent is, or at least should be, to patent an invention. Not some task or distant goal which you can imagine some day being achieved, but are unable to currently achieve yourself.
Imagine if Ford had been able to patent the automobile in generic enough terms so that any motorized land vehicle was covered... Where would we be today if wine makers had patented the fermentation process before beer had existed?
IMHO, patents should be for very specific inventions, and processes, which you have invented, and can accurately demonstrate at the time of patent request, and which of course didn't exist in its current form prior to your invention.
The computer industry, and its money-sucking lawyers have been allowed to chisel away at the wording and verbiage of the patent laws to such an extent that you are now able to patent just about any idea/concept someone may have down the road. Just think about the stifling of innovation if those science fiction writers of the 50's had patented all that they foresaw.
What makes me mad is that no one has yet come forward and shown prior artwork for a patent on lawyer wielding companies who make their money by exploiting the ideas and innovations of others through a series of generic and vaguely worded patents and threats. Perhaps then this whole mess would disappear.
The article (Score:2, Interesting)
I hope they keep it up - both of them... (Score:4, Interesting)
Sounds like a job for..... (Score:3, Interesting)
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
A dangerous precedent... (Score:4, Interesting)
This strategy may work in the US, where we can simply put the inventor^h^h^h^h^h criminals in jail (note that the US already has among the highest incarcerated population %-ages), but it probably won't hold up well against the rest of the world, especially the parts that don't think the USPTO is the last word. Unless we can start to incarcerate a larger percentage of the world's population for infringing on US IP, this strategy may not prove to be sustainable.
Perhaps corporate sponsorship of prisons facilities would help make this strategy a winner...
Re:Proof of concept? (Score:5, Interesting)
Problem is, I have seen this unprivileged user, and it's broken. A few years ago we split our NT accounts in the IT office I worked in into 'priv' and 'non-priv' accounts for each of us. Previously, our typical logins had all the admin privs to do whatever we needed on the workstation.
The plan was that we could use the win2k/xp version of 'su' (whatever it is called, I don't remember) to do things that needed elevated privs. IT DIDN'T WORK. Some of the child processes, for example, of burning a CD would spawn as your unprivileged context - meaning you couldn't burn a damn CD. You had to log out, and log back in with your priv account for a simple task like burning a CD.
I think it's great how Microsoft steals ideas from other people (*cough*NIX), comes up with a totally frelled implementation that many times doesn't work - and then A) breaks the existing standards, B) goes off and patents the idea as their own or C) both
Perhaps Microsoft's division which is doing all this should simply be retitled "Patent Whores"
My Theory (Score:5, Interesting)
Gnome Pager - patented by Microsoft (Score:5, Interesting)
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=
The most interesting part is the images. There you can actually see the Gnome logo. (There is an extra karma bonus for the first who finds the KDE logo;)
So Microsoft have already begun patenting Linux.
It is true that M$ cannot buy GPL code, but it can buy the coders.
Now, guess what will happen after the fiaSCO is over.
Re:A brief history of SUDO (Score:5, Interesting)
Perhaps based on "EPAL" ? (Score:2, Interesting)
Re:This is getting ridiculous (Score:3, Interesting)
1. There WAS a patent on the automobile, and it was the same deal - generic concept, lawyer/shell company demanding royalties on every car built. Henry Ford said "Screw You", took it to court, and won.
2. I believe archaeology has shown beer predating wine.
Other than these quibbles, point taken.
Re:A dangerous precedent... (Score:3, Interesting)
*Dons tinfoil hat*
I believe there are a number of influential men in the US that want to do exactly that.
They call it a "Free Trade Agreement"
Cheers
Stor
Re:A brief history of SUDO (Score:3, Interesting)
Well, if the system worked, you would lose your filing fee without getting a patent.
I strongly suspect that this is a reaction to the Eolas patent. Microsoft is now patenting *everything* they want to do. If the patent doesn't stand up due to prior art in the public domain, no problem: no one will be able to enforce that kind of patent *against* them either. If it does hold up, then they have prevented anyone else from patenting the same thing. Either way, they avoid the embarrassment of the Eolas situation. Worst case scenario: they have to license from someone else because the patent already exists.
Re:A brief history of SUDO (Score:3, Interesting)
to get it through ... (Score:3, Interesting)
To get it passed, make some pictures. Take a screen shot of M$'s update notification and then add some preview buttons, a block diagram and other widgets. You might not be able to patent M$'s dinky notification, but you can keep them from improving it. That's what they are trying to do to Gnome's Pager [slashdot.org].
How to fix the patent system (Score:1, Interesting)
25K or 50K is nothing to MSFT, but is big bucks to the new profession of patent hunter. No prior art search occurs before it's granted (just like today, heh heh), but the cash is forfeited if it's a prior art patent.
The escrow cash increases as the number of bounties previously claimed against your patents increases.
Re:Claim seems valid (Score:5, Interesting)
executing an administrative security process under the administrative privilege level;
bash forks/execs the sudo process, which gains root privileges through the setuid bit.
the administrative security process accepting a request from a user process executing under the non-administrative privilege level to initiate a particular administrative method
The request is passed on the command line and accepted by sudo.
the user process calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method; and
Now, this depends on your definition of a method. If an executable program counts as one - and it should, as most administrative tasks under UNIX use separate commands - then this fits perfectly.
the administrative security process calling the identified particular administrative method on behalf of the user process and providing the arguments to said identified particular administrative method.
Sudo execs the requested program. QED.
The thing is, the patent doesn't specifically say the privileged process has to handle multiple requests. Sudo DOES run in its own process before it transfers control.
Open Patents (Score:4, Interesting)
This "prior Art" of which everyone is speaking.
Would it apply to a full-form patent application posted publicly?
Meaning, if I present here the idea of a type of list-browsing method where the user is presented with newest added or scanned items inserted into the next selected cursor position in an updateable or actively updating list as they browse arbitrarily sorted or ordered items or values, that this declaration itself constitutes prior art (if, theoretically, the language was legally sound)?
Even if it's not prior art it's still a good idea huh?
I digress.
Is the concept of an "open patent" even applicable legally? I hope so, because I have some ideas that I would like to open up (and I have the feeling I'm not the only one).
It would be great, having this huge database of ideas that any designer or engineer could feel free to implement or incorporate or merely look into for inspiration.
Competition is good in practice, but cooperation is better in play.
Re:maybe not so easy (Score:4, Interesting)
You may be correct... I wonder, in security terms, if it's a good idea to have such a thing constantly on, like you describe.
Re:Prior Art? (Score:3, Interesting)
You don't expect the legal department to catch it do you?
I did something similar as a workaround in NT 4.0 (Score:3, Interesting)
Ugly and insecure I know but my choices were to get off my ass every time the server bogged (not bloody likely), give every bozo with enough rank to work overtime for free admin and show them how (even less likely, I'd quit first) or implement an ugly kludge that could screw things up royal if used by morons.
I also realize upgrading to an OS that didn't leak memory in its network service was a long term option.
Can the PTO be sued for negligence? (Score:1, Interesting)
It has been said before that employees of the PTO are paid on a per patent basis. I don't know whether this is true, but it seems the PTO has to start to be held accountable for its practices.
If a company has to go through a lot of legal expenses to prove a patent invalid, can the PTO be backcharged? Or could one sue directly if the negligence was obvious?
Re:Ritchie's setuid patent at prior art? (Score:1, Interesting)
One function of most OS's is to let a process
request a function, which is priv'd (the process
has no other way of doing it except through
the OS) and then carrying out that function in
the privileged context of the OS.
If it must be a separate server, how about
XDM, samba, Oracle, or even apache?
And think outside of Unix. VMS has a whole slew
of different privileges which can be set for any
account, with SYSPRV (one bit of many) corresponding to Unix's "root".
More to the point, these priv bits can be set on
installed images. See for instance:
http://vms.process.com/scripts/vmshelp/vmshelp.
So while "JOE" might not be able to do PHY_IO
the software process controlling the disk array can do so on his behalf.
Of course Microsoft certainly knows all about
this since they stole##### "borrowed" this
concept from VMS when they put together
Windows NT.
Re:Prior Art? (Score:4, Interesting)
Re:Claim seems valid - not really (Score:3, Interesting)
ssh allows (via authorized_keys) to execute selective remote/local actions by certain authenticated entities. And it is all highly configurable:
Am I missing something?
Re:maybe not so easy (Score:2, Interesting)
Setuid is.
Your X window system runs setuid root so that when you execute a command (say run a quake3 game) it is able to access the 3-d rendering stuff in the hardware. Something that only an administrator can normally do.
Say you have an executable, "ls" for instance. As a regular user:
# which ls
# cp ls ~/lsmega
# sudo chown root lsmega
# sudo chmod a+s lsmega
# ls -ld
drwx------ 49 root root 4096 Aug 7 18:49
# ls
# ls -l lsmega
-rwsr-sr-x 1 root user 75948 Aug 21 01:29 lsmega
#
(root directory file listing)
Now users can execute that file and when doing so they use administrative permissions.
You could also include that file in a script, so that when the script executes it will use your user's permissions until your script executes that command using root permissions.
You can set up a daemon to do that, too. So that when an application or whatever wants to use FTP to access your machine you can set it up to use root permissions (not that you'd want to!)
Hence lsmega provides the user's process (your terminal) administrative rights for viewing files. Exactly what is located in the patent.
how to fix the system (Score:3, Interesting)
Why not have patents peer reviewed? (Score:3, Interesting)
Why don't we do the same with patents? When a patent regarding, say, computing comes out.. why doesn't it end up in PC Magazine, or on Slashdot, for peer review? That way, anyone who has a complaint about the patent can register it with the patent office, and we can stop silly stuff like this happening.
Re:Prior Art? (Score:4, Interesting)
If someone objects on the basis of prior art, then the patent office could look and see if their complaint was valid or not.
I have prior art (Score:3, Interesting)
Our user management is handled by two guys who don't have strong UNIX skills. They have to set up users, add mail aliases and set passwords etc. The operator type roles that sys admins like to delegate.
They are trusted individuals in the sense that they won't intentionally damage a system, but their experience is such that they can, and have caused accidental damage (one of them deleted all lines in the mailaliases file using vi by mistake).
I wrote a menu wrapper for their logins that allows them to request certain functions be performed (password wipes etc.). When they action a function, a temporary lock file is written to a directory (/var/local) that only their group can write to. A cron job, running as root, executes every minute and if a lockfile exists, will perform the command (with some sanity checking involved - e.g., it's not possible to change password if the requested user has a UID less than 100).
It's not 100% secure, but it does the job. I don't have a patent on it, but it's worked for the last couple of years without problems.
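An added sketch of the root-side "sanity checking" step in the design described in the post above (not the poster's code): the root job treats each request file as untrusted input, refuses symlinks and non-regular files, and maps a fixed set of verbs to argv lists so no shell ever parses the request. The verbs, the command table, the operator-UID ownership check and the size limit are assumptions made for illustration; only the UID-below-100 rule comes from the post.

```python
import os
import pwd
import re
import stat

MIN_UID = 100                 # rule from the post: never touch UIDs below 100
MAX_BYTES = 256               # assumed upper bound for a one-line request
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")   # cannot start with "-"
# Hypothetical action table: request verb -> fixed argv prefix run as root.
ACTIONS = {
    "lock": ["/usr/sbin/usermod", "-L"],
    "expire-password": ["/usr/bin/passwd", "-e"],
}


class Rejected(Exception):
    """The request failed validation and must not be executed."""


def system_uid(user):
    """Look up a UID in the local account database; None if unknown."""
    try:
        return pwd.getpwnam(user).pw_uid
    except KeyError:
        return None


def read_request(path, operator_uids):
    """Read a request file without following symlinks or trusting its type."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise Rejected(f"cannot open safely: {exc.strerror}")
    try:
        st = os.fstat(fd)     # inspect the object actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise Rejected("not a regular file")
        if st.st_uid not in operator_uids:
            raise Rejected("not written by an operator account")
        if st.st_size > MAX_BYTES:
            raise Rejected("request too large")
        return os.read(fd, MAX_BYTES).decode("ascii")
    except UnicodeDecodeError:
        raise Rejected("request is not ASCII")
    finally:
        os.close(fd)


def build_command(text, uid_lookup=system_uid):
    """Turn 'verb username' into an argv list for subprocess, or raise."""
    parts = text.split()
    if len(parts) != 2 or parts[0] not in ACTIONS:
        raise Rejected("unknown or malformed request")
    verb, user = parts
    if not USERNAME_RE.fullmatch(user):
        raise Rejected("invalid username")
    uid = uid_lookup(user)
    if uid is None or uid < MIN_UID:
        raise Rejected("unknown or system account")
    return ACTIONS[verb] + [user]   # argv list: no shell ever parses the request
```

The root job would pass the returned list to `subprocess.run` without `shell=True`, and delete the request file whether or not it was accepted.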
SELinux? (Score:3, Interesting)
One can name over a dozen OSes that garnered the famed Class B1 [ncsc.mil] Trusted OSes status that provided this feature set since 1983. Most of them will never see the light of day due to their classified status.
Perhaps, the U.S. Patent Office should consider investigating for possible industrial payola to their underpaid $60,000/yr GS-5 ranking [uspto.gov] corporate-rejecting $125K [salary.com] real [google.com] bad [rateitall.com] diploma-milled reviewers.
Re:resolving patent disputes (Score:3, Interesting)
You are not getting the point.
Microsoft knows these patents are bullshit -- they're not stupid. They're counting on the patent office being stupid enough to approve them so they can hold them over someone's head in court.
If Microsoft can force enough delays to buy a government and a reprieve from their due penalties, what in the world makes you think anyone other than IBM can afford to defend against this crap?
The process of resolving patent disputes is only a problem because the reviews are performed by untrained monkeys with no experience in the field they're reviewing. Even the Canadian government has the sense to assign the reviews for R&D claims to workers with industry experience, but not the USPTO.
Hell no, that'd interfere with the smooth flow of money back through the lobbyists and "donations".
Re:Prior Art? (Score:4, Interesting)
This has been in place for several years. All patent applications are published in a pre-grant publication (PGPub) at most 18 months after they are submitted. This usually means that the application will be published but unexamined for 12-18 months, and usually published and not issued (or finally rejected) for about 24 months.
There is a section of 35 USC which specifically enables 3rd parties (you) to submit (without editorializing or commenting) pieces of art that you think are applicable. While I haven't pored over this patent, I would have -definitely- looked at UNIX/Linux in excruciating detail while prosecuting it.
Long story short - there is a system in place where you could have looked at this application while it was pending and submitted UNIX man pages or whatever. The fact is that nobody, nobody, nobody ever does this (except large corporations who pay people to do so against their competitors' applications.)
It gets better (Score:3, Interesting)
But that's not how corporate research works. Nobody cares how good the patents you get are. Microsoft cross-licenses with all their competitors, anyway. Modern corporate researchers just produce legal fodder -- a slew of patents, which can be used to prevent new entrants from entering a field -- existing oligopolies are maintained by cross-licensing of patents.
Re:Prior Art? (Score:3, Interesting)
Simple. Microsoft doesn't need to win the lawsuit, only drag it on and force the programmer to use money to pay for his lawyer until the programmer goes bankrupt.
That's the problem of a system where everyone pays his own court expenses - it means that whoever has more money can always win through a war of attrition. And a system where the society pays the court expenses simply encourages frivolous lawsuits as a form of free lottery. A system where loser pays doesn't help either, since, again, the poor cannot afford the risk of losing (there's always that risk, no matter how airtight the case may seem).
A rule of law simply cannot be sustained in a society where greed and ruthlessness are accepted - even admired - emotions and not something shameful, and where only winning at any cost is considered important. There's an ever-increasing number of people stealing resources, sometimes by abusing the legal system (software patents), sometimes by outright theft (Enron), sometimes by bribing the top officials / representatives (DMCA). It's like a growing army of termites eating a wooden house: a single termite makes negligible damage, easily repaired, but with enough termites the whole house is going to collapse sooner or later.
Furthermore, as already reported several times on Slashdot, it is impossible to make a program that doesn't infringe on someone's patent - so Microsoft will simply use your idea and ignore your patent, and if you complain, slap you with whatever absurd patents of theirs your program breaks, forcing you into a cross-license agreement, after which you will be trampled by their marketing machine.
Software patents only benefit large corporations, never actual inventors (unless, of course, the inventor happens to own a large software company).