Forgot your password?
typodupeerror
Patents Microsoft Unix Linux

Microsoft Patents Sudo's Behavior 657

Posted by timothy
from the rusty-shotgun's-right-twice-a-day dept.
Foofoobar writes "Just when you thought all was safe on the crazy patent front, Microsoft has come out of the obvious patent closet to file patent number 7617530, which basically duplicates the functionality of 'sudo' which is found in all Linux systems. PJ over at groklaw has a wonderful writeup on the entire fiasco."
This discussion has been archived. No new comments can be posted.

Microsoft Patents Sudo's Behavior

Comments Filter:
  • claims (Score:5, Informative)

    by sopssa (1498795) * <sopssa@email.com> on Wednesday November 11, 2009 @05:39PM (#30065988) Journal

    As usual, you need to look at the claims of the patent. For example these points dont really cover sudo:

    1. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.

    2. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: determining multiple accounts capable of permitting a task not permitted by an account of a current user wherein the determining is based on criteria comprising: frequency of use; association with the current user; and indication of sufficient but not unlimited rights; receiving indicators for the multiple accounts capable of permitting the task; presenting a graphical user interface, the graphical user interface having: multiple account regions, each account region identifying one of the multiple accounts capable of permitting the task; an authenticator region capable of receiving an authenticator for one of the multiple accounts capable of permitting the task; receiving, through the graphical user interface, the authenticator for one of the multiple accounts capable of permitting the task; and responsive to receiving the authenticator for one of the accounts capable of permitting the task, packaging, into a computer-readable package, the received authenticator and the account capable of permitting the task associated with the authenticator, the package effective to enable authentication of the account capable of permitting the task.

    3. The media of claim 2, where the each account region comprises a name identifying one of the multiple accounts capable of permitting the task.

    4. The media of claim 2, where the each account region comprises a graphic identifying one of the multiple accounts capable of permitting the task.

    5. The media of claim 2, further comprising permitting the task.

    6. The media of claim 2, further comprising authenticating the account capable of permitting the task and, responsive to authenticating the account capable of permitting the task, temporarily elevating rights of the current user to that of the account capable of permitting the task effective to permit the task.

    7. The media of claim 2, wherein rights of the account of the current user are limited by controlled-access software.

    8. The media of claim 7, wherein the task is prohibited by the controlled-access software prior to authentication of the account capable of permitting the task and wherein the controlled-access software refrains from prohibiting the task in response to authentication of the account capable of permitting the task.

    9. One or more computer-readable media having co

  • Re:Penalties (Score:1, Informative)

    by isama (1537121) on Wednesday November 11, 2009 @05:40PM (#30066026)
    sudo with a gui? gksu

    lame.
  • by Sockatume (732728) on Wednesday November 11, 2009 @05:42PM (#30066038)

    If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

    Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.

  • by MBCook (132727) <foobarsoft@foobarsoft.com> on Wednesday November 11, 2009 @05:47PM (#30066110) Homepage
    So, like what OS X had a year or two before Vista?
  • by plasmacutter (901737) on Wednesday November 11, 2009 @05:48PM (#30066126)

    If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

    Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.

    macos x has been doing this since its inception.

    gksudo has been around for a long time as well.

    this is NOT new.

  • by Anonymous Coward on Wednesday November 11, 2009 @05:51PM (#30066174)

    No. OS X doesn't present a list of accounts which you can use to get privilege with, for one thing.

  • Re:claims (Score:5, Informative)

    by Halo1 (136547) <jonas@maebe.elis@ugent@be> on Wednesday November 11, 2009 @05:52PM (#30066196) Homepage

    Remember that they all have to apply.

    No, they don't. Only one independent claim (i.e., 1, 2 or 9) has to apply (at least it's like that in Europe), or an independent claim along with some dependent claims if you want a stronger case because then the claims become more specific and hence hopefully more distant from the prior are (e.g., 2 and 3, or 2 and 7 and 8).

    This isn't exactly sudo.

    That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.

  • Re:claims (Score:2, Informative)

    by plasmacutter (901737) on Wednesday November 11, 2009 @06:02PM (#30066354)

    cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task

    macos x does this

    gksudo does this

    This patent covers material which has been present in linux and macos X and is part of the evolving function of sudo. Fini.

  • by reebmmm (939463) on Wednesday November 11, 2009 @06:05PM (#30066392)

    Not true. This is an ISSUED patent; see the patent number: 7,617,530. You can also check its status in public pair (http://portal.uspto.gov/external/portal/pair):
    10-21-2009 ISSUE.NTF Issue Notification 1
    10-01-2009 IFEE Issue Fee Payment (PTO-85B) 1
    10-01-2009 LET. Miscellaneous Incoming Letter 1
    10-01-2009 WFEE Fee Worksheet (PTO-875) 2
    10-01-2009 N417 EFS Acknowledgment Receipt 2
    08-24-2009 NOA Notice of Allowance and Fees Due (PTOL-85) 10

    I'll draw your attention to the first and last lines in the excerpt from the file wrapper.

    That said, the claims DO NOT cover sudo.

  • Re:claims (Score:5, Informative)

    by jpmorgan (517966) on Wednesday November 11, 2009 @06:06PM (#30066404) Homepage
    Except, gksudo doesn't come up in response to a failed security authentication. gksudo comes up because the control panel knows it needs administrator permissions and explicitly calls gksudo. gksudo is not sitting around behind the scenes, watching for authentication failures.
  • Re:Penalties (Score:5, Informative)

    by Tim C (15259) on Wednesday November 11, 2009 @06:06PM (#30066412)

    I don't condemn all software patents.

    I do. Copyright protects software, there's no need for patent protection.

  • by Qzukk (229616) on Wednesday November 11, 2009 @06:07PM (#30066422) Journal

    Yeah, going to have to agree here. Not only is it specifically an interface brought up after you've tried to do something you're not allowed to (which is what makes it "not sudo"), this interface will give you a list of users who ARE allowed to do it (rather than just the admin account), which is what separates it from all the other implementations of this kind of security that I know of (eg cash registers that stop and require manager intervention or Windows's earlier "You look like you're trying to install a program, would you like to be administrator?" popup).

  • Re:claims (Score:4, Informative)

    by TigerNut (718742) on Wednesday November 11, 2009 @06:17PM (#30066596) Homepage Journal
    Remember that they all have to apply. This isn't exactly sudo.

    Not correct. Of the claims you listed, 1, 2, and 9 are independent claims and can stand alone. A competitive product that incorporated just the elements of, say, claim 9, would violate this patent. A prior art product that included the elements of claim 1 would invalidate claim 1 as an independent claim, but not necessarily the combinations of claim 1 and claim 13 or claim 1 and claim 14. Unless the dependent claims 13 and 14 were subsequently judged to be obvious in light of the earlier product that demonstrated claim 1.

    To an aggressive patent prosecutor, "exactly" has nothing to do with it. The approach is "We've got this patent, see? Pay us the money or we'll sue until you're out of business".

  • Re:Liunx schminux (Score:4, Informative)

    by spitzak (4019) on Wednesday November 11, 2009 @06:39PM (#30066812) Homepage

    You are thinking of just the root account, or maybe "su" which is really "login as root".

    "sudo" as in "run a single command as root and furthermore examine the commands before running them and restrict them to a set, and furthermore examine the user trying to run sudo to select the restricted set" was developed after Linux was popular.

    However I believe a good deal of the work was done on BSD and other Unixes as well.

  • by Theaetetus (590071) <theaetetus.slashdot@gmail. c o m> on Wednesday November 11, 2009 @06:45PM (#30066890) Homepage Journal

    In an attempt to patent a thing rather than the software itself, they say:

    One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:

    In other words, it's not the operation itself, or the software, but the actual _disc_ that they're claiming. The medium, not the message, as it were. At least it's a physical thing.

    Yep... This makes it an "article of manufacture", rather than a "process". The whole Bilski thing up before the Supreme Court only applies to processes; an article of manufacture comprising computer-readable instructions isn't affected, under In Re Beauregard.

    I don't know if "downloaded software" would violate the patent, or if they'd try to claim that having it on the server's discs would violate it. (Surely they wouldn't try to claim that your hard disc on which you've downloaded it would violate the patent, would they?)

    Oh, yeah, they would. You download the software and save it to your hard drive... you just created a computer-readable media (the hard drive) having computer-readable instructions (the software) that, when executed, cause the computer to perform those acts. You're infringing by making and using the patented invention (you don't need to make all the parts of the invention - you don't need to have a hard drive fabrication lab... You just need to be the one to 'assemble' the invention).

    But don't worry, they wouldn't sue you. Instead, they'd go after the people who sold you the software, as it's a component of a patented article of manufacture with no noninfringing uses.

  • Re:I have prior work (Score:1, Informative)

    by Anonymous Coward on Wednesday November 11, 2009 @07:01PM (#30067080)

    Just because there exists prior work does not mean that it is taken into consideration by the Examiner of the current application. The applicant is required to disclose to the USPTO relevant prior work, in this case mention of sudo, priv, etc. Based on the search results found by the Examiner, and all disclosed information provided to the Examiner, the Examiner determines whether the current application is patentable over existing art. Of course, the Examiner may not be aware of relevant art, which leads to undeserving patents being awarded. However, an issued patent can be challenged by issuing a reexamination.

    Also, note that the title of the article and the rant at groklaw is a bit misleading. The invention does not cover prompting for an admin password, or the current user's password, in order to execute the desired task. Instead, the invention patented is limited by the claims to a GUI which displays a list of accounts which have the needed permissions to execute the desired task, and allowing the user to select one of the accounts and entering a password for the selected account.

  • Re:claims (Score:3, Informative)

    by Dachannien (617929) on Wednesday November 11, 2009 @07:09PM (#30067164)

    If it comes down to the degree of "exactly," please provide some examples from patent case law that show that the degree of difference here is sufficient for the two programs not to be close enough to the same that sudo, had it been invented after this patent, wouldn't violate said patent.

    That's not the way it works. The examiner has to make a prima facie case of unpatentability in order to reject a claim. If the examiner can't substantiate such a case, the application gets allowed, and the applicant gets a patent.

    Only when the examiner makes a prima facie case does the burden shift to the applicant to either successfully traverse the rejection (e.g., by properly indicating a flaw in the rejection, by citing case law applicable to the rejection, by providing evidence of unexpected results/commercial success/various other secondary considerations in the case of an obviousness rejection, etc.) or amend the claims.

  • Re:Penalties (Score:5, Informative)

    by PFI_Optix (936301) on Wednesday November 11, 2009 @07:22PM (#30067280) Journal

    After skimming the patent, this sounds more like it's more like prompting for sudo. If this were Linux, it would be something like:

    "You need to use sudo to run this program. Would you like to use sudo? y / n"

    This is a very specific patent and most certainly wouldn't cover sudo, but rather the automatic detection of the need for it and a very detailed description of the GUI built on it. It's almost like the people writing about the patent didn't bother to read it...

  • by BitZtream (692029) on Wednesday November 11, 2009 @07:29PM (#30067336)

    If you're going to claims something copies 'sudo' with 'Linux' please realize that sudo copies su which was around long before Linux.

    sudo has more features than su, yes. Everything that 'copies' sudo has more features as well.

    Although the patent in this case does not copy sudo, or gksudo or OSX. The patent covers something that detects an authorization (NOT AUTHENTICATION) failure and gives an opportunity to elevate privileges and continue rather than denying the request.

    su, sudo, gksudo and the OS X applet all require knowledge in advance that elevated privileges are required.

    Do I think the difference is worth patenting? No, its the next logical step. However, if you're going to rant and rave about what Microsoft is patenting, at least realize they aren't patenting a clone of something you've been using for years.

    You only make the rest of the OSS world look stupid to the powers that be when you rant and rave and you are completely ignorant of whats being done. We lose credibility and get written off as raving lunes when you respond like this. So please, shut the hell up.

  • by argent (18001) <peter.slashdot@2006@taronga@com> on Wednesday November 11, 2009 @07:40PM (#30067470) Homepage Journal

    Dennis Ritchie patented the setuid bit in what was probably the first software patent ever, and released the patent to the public domain. I think that counts as a slam dunk prior art, no?

  • Just like PolicyKit (Score:5, Informative)

    by Jeremy Visser (1205626) on Wednesday November 11, 2009 @07:42PM (#30067486) Homepage

    That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.

    Indeed. In fact, this patent reminds me more of PolicyKit (which is GUI-based) than sudo. See screenshot [wikipedia.org], which almost exactly matches how I visualised the patent after reading the initial claims.

  • Re:claims (Score:4, Informative)

    by PhilHibbs (4537) <snarks@gmail.com> on Wednesday November 11, 2009 @08:36PM (#30067928) Homepage Journal

    If you try to do something that you aren't allowed to, does sudo automatically pop up and ask you if you want to authenticate to an account that does have the privilidges that you need? That's what this patent is about.

  • Re:Penalties (Score:3, Informative)

    by Weaselmancer (533834) on Wednesday November 11, 2009 @09:14PM (#30068210)

    No, Lame. Fraunhofer is patent encumbered.

  • by Anonymous Coward on Wednesday November 11, 2009 @09:23PM (#30068250)

    IANAL but that's what's known as a CRM (computer-readable media) or Beauregard claim. For a deeper understanding see here:

    http://www.1201tuesday.com/1201_tuesday/2009/09/happy-birthday-beauregard.html

    If you can't be bothered, the point is by saying CRM Microsoft can go after someone who makes software to do this as well as/rather than the end user.

  • Re:Penalties (Score:4, Informative)

    by KnowledgeKeeper (1026242) on Wednesday November 11, 2009 @10:17PM (#30068620)

    And, yes, I do realize Apple stole the GUI from Xerox...

    Actually, no. Apple traded their stocks for a day with Xerox engineers which had to show them what they've done. And they've done very little compared to things that were in the first Mac GUI. I.e. overlapping windows.

    Things like these are documented on Apple's folklore [folklore.org] site.

  • Re:claims (Score:3, Informative)

    by apoc.famine (621563) <<moc.liamg> <ta> <enimaf.copa>> on Wednesday November 11, 2009 @10:24PM (#30068668) Homepage Journal

    Pretty much. I try to update my system, I get a box saying, "Please type your password here to sudo so I can complete this". Ubuntu has been doing that for years now.

  • by Anonymous Coward on Wednesday November 11, 2009 @10:25PM (#30068678)

    As an ex-programmer/technical writer who is now a lawyer who's also worked at the USPTO as an examiner (during law school), I feel I must weigh in on the language issue. Patents and patent applications are neither technical documents nor legalese. They are a unique and bizarre hybrid of the two which, quite frankly, I think no one understands. The claims, specifically, since the specification is sometimes actually intelligible in a meaningful way. Everyone (examiners, phositas, judges, lawyers) has trouble dealing with claims and their meanings. The fact that we require pre-litigation court hearings to determine what a claim means (Markman hearings) AFTER the USPTO has already reviewed and approved the claims, which requires determining what the claim means, should be a sufficiently strong indicator that the current style of writing for patents is uncommunicative and ineffective.

    To speak more directly to software patents, the USPTO doesn't recognize such a thing literally. Moreover, in general the PTO doesn't look upon the software field as a true technical/engineering discipline, and so looks down upon software/programming expertise in it's examiners. If it appears that the PTO doesn't know a thing about how software works or what is out there as prior art, it is because generally it doesn't know a thing. The field of endeavor isn't recognized or utilized, and examiners often interpret claims to avoid dealing with software (as they don't have the background knowledge to know how to begin researching the prior art).

    Software may or may not be patentable ideologically, but as long as the field is given short shrift and basically sneered at by the PTO, no patent process will make sense for the majority of software/business method patents.

    AC for obvious reasons.

  • Re:Penalties (Score:1, Informative)

    by Anonymous Coward on Wednesday November 11, 2009 @10:26PM (#30068686)

    Unfortunately, although software certainly uses mathematics, software is -not- mathematics. Saying software is mathematics and therefore should not be patentable or copyrightable is akin to saying mechanical engineering is mathematics and therefore not patentable. Well of course it's mathematics, but it produces a product and that product is what is patentable.

    That's provably wrong. Writing constructive mathematical proofs and writing computer programs are provably the same activity. The Howard-Curry Correspondence is one of many, many proofs.

    In fact, most "technology" -- that is, sets of production techniques -- are provably equivalent to formal algorithms acting on physical resources.

    I've found programming to be more like engineering that math, and it's certainly about a lot more than logical procedures. If this than that, sure, it also involves applying various algorithms in a way that is useful to the end user. Pure math doesn't bother with this, the math must always be applied somewhere else.

    You don't know much about pure mathematics. Algorithms are proofs. Proofs are algorithms. Proofs are arguments and documentation.

    The whole practice of writing mathematical papers belies your point. Heck, Google for "Literate Haskell" to find a LOT of mathematics papers that use Haskell syntax instead of traditional mathematical syntax. Why? Because the code is an implementation of the same mathematical constructs. So you can talk about your construct, in English, and use it for computation, in Haskell.

    On the other hand, there is some truth to what you say with regards to engineering. Complex mathematical papers typically have a single focus. If you want to combine results from multiple papers, you need to cite them. You need to write your document in such a way that it is clear what those other papers say (insofar as it is relevant to your point). You need to develop your own argument. Notice how much this corresponds to writing code: you need to import libraries. You need to make sure the libraries do what you want. You need to structure your code in such a way to make use of the libraries in order to write your computation/argument.

    What you are describing is architecture, and there is a simple mathematical construct that describes the architecture of every computer program (the monad). Using "the wrong monad" is a recipe for spaghetti code, like many modern abuses of an object system.

  • by Eric Smith (4379) <eric@AAAbrouhaha.com minus threevowels> on Wednesday November 11, 2009 @10:31PM (#30068722) Homepage Journal
    Not a single claim of this patent would be applicable to sudo. The independent claims 1, 2, and 9 don't apply to sudo, because they describe significant behavior that is not part of sudo. By extension, none of the dependent claims can apply to sudo either.

    You can still argue over whether it meets the obviousness criterion, but trying to spin this a "Microsoft patents sudo" is deliberately spreading FUD.

  • Re:Penalties (Score:3, Informative)

    by falconwolf (725481) <falconsoaring_2000&yahoo,com> on Thursday November 12, 2009 @12:32AM (#30069346)

    And, yes, I do realize Apple stole the GUI from Xerox...

    On Xerox, Apple, and Progress [archive.org]. Fact is in return for Xerox allowing Steve Jobs and a development team to tour PARC Jobs allowed Xerox to invest in Apple [vectronicsappleworld.com] by buying 100,000 shares of stock at $10 a share. Less than a year later that $1 million investment netted Xerox $17.6 million when Apple had it's IPO.

    Falcon

  • Re:Penalties (Score:5, Informative)

    by IICV (652597) on Thursday November 12, 2009 @02:26AM (#30069898)
    Further: how quickly we forget the threat of those 235 patents [slashdot.org]. If that's not patent trolling, what is?
  • Re:claims (Score:4, Informative)

    by the_womble (580291) on Thursday November 12, 2009 @03:40AM (#30070112) Homepage Journal

    kdesu and gksu do most of it, and, as someone pointed out above, Policykit does all of it.

  • Re:Penalties (Score:3, Informative)

    by Anonymous Coward on Thursday November 12, 2009 @09:47AM (#30071738)

    You've got it exactly backwards. Patents very specifically do not cover _ideas_. They are absolutely 100% only for implementations.

    It doesn't matter _what_ you build, it matters _how_ you build it.

    The trouble is, that in the software world, many ideas are simple enough that there's really only one or two sensible implementations.

  • Re:Penalties (Score:3, Informative)

    by Golddess (1361003) on Thursday November 12, 2009 @12:45PM (#30074166)

    It doesn't allow for duplication if the result is the same.

    Bullshit.

    In an episode of Modern Marvels [history.com] about Nikola Tesla I believe it was, they'd mentioned how, since Edison had patented his light bulb, he was able to disallow Tesla from using that design at the World's Fair. So Tesla invented his own florescent bulbs. End result is the same (produce light), yet there was no patent infringement on the part of Nikola Tesla.

I don't want to achieve immortality through my work. I want to achieve immortality through not dying. -- Woody Allen

Working...