Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Patents Sudo's Behavior

timothy posted more than 4 years ago | from the rusty-shotgun's-right-twice-a-day dept.

Patents 657

Foofoobar writes "Just when you thought all was safe on the crazy patent front, Microsoft has come out of the obvious patent closet to file patent number 7617530, which basically duplicates the functionality of 'sudo' which is found in all Linux systems. PJ over at groklaw has a wonderful writeup on the entire fiasco."

cancel ×

657 comments

Sorry! There are no comments related to the filter you selected.

Penalties (3, Interesting)

alain94040 (785132) | more than 4 years ago | (#30065978)

I don't condemn all software patents. Just because it's software doesn't mean that it can't be brilliant and stunningly innovative.

But sudo with a GUI? A quick fix I'd suggest to get rid of those bogus patents is to have a rule that says that if a patent is proven obvious later on, then the company (Microsoft in that case) would lose all their patents for the year. That would make them think twice before filing junk...

---
the Co-FoundersMeetup [meetup.com] in Mountain View is next week

Re:Penalties (1, Informative)

isama (1537121) | more than 4 years ago | (#30066026)

sudo with a gui? gksu

lame.

Re:Penalties (5, Insightful)

sopssa (1498795) | more than 4 years ago | (#30066082)

It's US patent system's fault, not Microsoft. They have to file these to cover their own ass. And actually I haven't ever seen MS patent trolling, they've even gave their patents to organizations which purpose is to keep them open. Even the TomTom vs. Microsoft case was because TomTom attacked MS first and they had to counter.

Patent system is the one to blame.

Re:Penalties (5, Funny)

Ethanol-fueled (1125189) | more than 4 years ago | (#30066140)

Patent system is the one to blame.

There are too many sudo-intellectuals running it, that's why.

Re:Penalties (5, Funny)

neiras (723124) | more than 4 years ago | (#30066462)


$ make me a patent
make: *** No rule to make target `me'. Stop.
$ sudo make me a patent
Okay!
$

Re:Penalties (0)

jez9999 (618189) | more than 4 years ago | (#30066102)

I condemn all software patents.

Re:Penalties (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30066114)

How noble of you to want to pass laws that could potentially cripple a company for slight over sights. Maybe we should be allowed to review your private life and decide what is a legitimate error and what is you just being [lazy/cheap/copping out] and just throw a whimsical penalty at you. How does that sound?

Or can we use common sense here and determine the nature of potentially fraudulent claims and determine penalties from there?

According to a couple of posts that have already come out this patent isn't what you think it appears to be but, oh well, to hell with the facts... let's just get back to our daily two minutes of hate to make you feel better about whatever it is you feel inadequate about.

Re:Penalties (4, Insightful)

alexborges (313924) | more than 4 years ago | (#30066146)

Patenting sudo is a slight legitimate error?

Damn. I want some of that anti-guilt thing you are taking.

How is any part of that flamebait? (2, Interesting)

HangingChad (677530) | more than 4 years ago | (#30066362)

Just because it's software doesn't mean that it can't be brilliant and stunningly innovative.

The suggested punishment might be a little extreme, but the idea is sound. We need some kind of penalty for companies filing junk patents for the electronic equivalent of exchanging oxygen for carbon dioxide across a thin, moist membrane.

Re:Penalties (5, Informative)

Tim C (15259) | more than 4 years ago | (#30066412)

I don't condemn all software patents.

I do. Copyright protects software, there's no need for patent protection.

claims (5, Informative)

sopssa (1498795) | more than 4 years ago | (#30065988)

As usual, you need to look at the claims of the patent. For example these points dont really cover sudo:

1. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.

2. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: determining multiple accounts capable of permitting a task not permitted by an account of a current user wherein the determining is based on criteria comprising: frequency of use; association with the current user; and indication of sufficient but not unlimited rights; receiving indicators for the multiple accounts capable of permitting the task; presenting a graphical user interface, the graphical user interface having: multiple account regions, each account region identifying one of the multiple accounts capable of permitting the task; an authenticator region capable of receiving an authenticator for one of the multiple accounts capable of permitting the task; receiving, through the graphical user interface, the authenticator for one of the multiple accounts capable of permitting the task; and responsive to receiving the authenticator for one of the accounts capable of permitting the task, packaging, into a computer-readable package, the received authenticator and the account capable of permitting the task associated with the authenticator, the package effective to enable authentication of the account capable of permitting the task.

3. The media of claim 2, where the each account region comprises a name identifying one of the multiple accounts capable of permitting the task.

4. The media of claim 2, where the each account region comprises a graphic identifying one of the multiple accounts capable of permitting the task.

5. The media of claim 2, further comprising permitting the task.

6. The media of claim 2, further comprising authenticating the account capable of permitting the task and, responsive to authenticating the account capable of permitting the task, temporarily elevating rights of the current user to that of the account capable of permitting the task effective to permit the task.

7. The media of claim 2, wherein rights of the account of the current user are limited by controlled-access software.

8. The media of claim 7, wherein the task is prohibited by the controlled-access software prior to authentication of the account capable of permitting the task and wherein the controlled-access software refrains from prohibiting the task in response to authentication of the account capable of permitting the task.

9. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: presenting a higher-rights account to a computer user currently logged on to a computer's operating system with a limited-rights account, the higher-rights account having a right to permit a task currently prohibited by the operating system based on the limited-rights account not having the right to permit the task, the higher-rights account presented with an identifier capable of identifying a name of the higher-rights account or a person associated with the higher-rights account, wherein the act of presenting the higher-rights account comprises presenting additional higher-rights accounts, each additional higher-rights account being presented with an additional identifier capable of identifying a name of the additional higher-rights account or a person associated with the additional higher-rights account and wherein the additional higher-rights accounts being presented are determined based on criteria comprising: indication of sufficient but not unlimited rights: frequency of use; and association with the current user; an authenticator region configured to receive an authenticator, the authenticator usable to authenticate the higher-rights account wherein the authenticator received comprises a password that is the same authenticator used for the user's current limited-rights account and the authenticator region comprises a data-entry field into which the user may type the password; authenticating the higher-rights account; and temporarily elevating the computer user's rights to that of the higher-rights account effective to permit the operating system to cease prohibiting the task.

10. The media of claim 9, wherein the act of presenting the higher-rights account comprises presenting a graphical user interface comprising the identifier and a data-entry field capable of receiving entry of the authenticator.

11. The media of claim 9, wherein the act of temporarily elevating the computer user's rights comprises elevating the computer user's rights only for so long as is needed to permit the operating system to cease prohibiting the task.

12. The media of claim 9, wherein the act of temporarily elevating the computer user's rights comprises returning the computer user's rights to those of the limited-rights account once the operating system ceases to prohibit the task.

13. The user interface of claim 1, wherein the identifiers presented include the identifier of the user's current account having limited rights.

14. The user interface of claim 1, wherein the authenticator received is the same as the authenticator used for the user's current limited-rights account.

15. The media of claim 2, further comprising authenticating the account with the same identifier and authenticator as used for the user's current account.

Remember that they all have to apply. This isn't exactly sudo.

This is why software patents shouldn't be allowed (5, Funny)

PinkyDead (862370) | more than 4 years ago | (#30066088)

...because I couldn't bothered reading all that shit.

Re:This is why software patents shouldn't be allow (-1, Flamebait)

CajunArson (465943) | more than 4 years ago | (#30066440)

Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."

Anyone else like PinkDead, please post too so we can winnow the chaff.

Re:This is why software patents shouldn't be allow (4, Insightful)

jamstar7 (694492) | more than 4 years ago | (#30066516)

Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."

Since when do programmers need to be patent lawyers? Patents are written in fluent legalese, not plain $HUMANLANGUAGEOFYOURCHOICE.

Re:This is why software patents shouldn't be allow (5, Funny)

nitehawk214 (222219) | more than 4 years ago | (#30066494)

I couldn't bothered reading all that shit.

Oddly enough, that is exactly what the patent examiner said.

Re:claims (1, Insightful)

plasmacutter (901737) | more than 4 years ago | (#30066106)

The person analyzing this for groklaw is a lawyer well seasoned in tech and IP litigation, and disagrees with you.

Funny how you also don't provide the analysis into common english.

It's sudo with a gui, in other words: what macos does when you try to modify files in the system folder, or gksudo in linux.

Re:claims (1)

CannonballHead (842625) | more than 4 years ago | (#30066168)

The person analyzing this for groklaw is a lawyer well seasoned in tech and IP litigation, and disagrees with you.

That's the argument politicians use for why they know better than I do what I want ;)

Re:claims (1)

sopssa (1498795) | more than 4 years ago | (#30066178)

Groklaw article is saying that Microsoft is filing this patent to collect a toll from Linux community for sudo. But there is no case, since if the patent would collide with sudo it would itself be invalid, because sudo has been around since like 1980.

Again the claims do not fully overlap with sudo (or gui's that use it). Every claim has to collide for there to be a case.

Re:claims (1)

jedidiah (1196) | more than 4 years ago | (#30066368)

This seems to be an implementation of the sudo "concept" for the Windows
security model. If they are allowed to get a patent on this, this basically
means that any CIS undergrad that can cook up their own solution can be sued
for doing so and using the results of their own intellect.

Re:claims (1)

Sockatume (732728) | more than 4 years ago | (#30066198)

I don't think that the following, the author's only analysis of the claims of the patent, is really an air-tight disassembly of its value:

"Etc. blah, blah. Dude. It's sudo. With a gui. Sudo for Dummies. That's what it is. Software and patents need to get a divorce, before all the geeks in the world either stop coding in disgust or die laughing."

Re:claims (1)

plasmacutter (901737) | more than 4 years ago | (#30066276)

I don't think that the following, the author's only analysis of the claims of the patent, is really an air-tight disassembly of its value:

"Etc. blah, blah. Dude. It's sudo. With a gui. Sudo for Dummies. That's what it is. Software and patents need to get a divorce, before all the geeks in the world either stop coding in disgust or die laughing."

The whole point of a lawyer's interpretation of patents, contracts, or legal text is to make it understandable. That's exactly what is done.

Going through line-by-line analysis will lose most of the readership and defeat the purpose.

Re:claims (1)

Sockatume (732728) | more than 4 years ago | (#30066316)

Such a response doesn't render it understandable, it simply returns an opinion. It's the equivalent of pointing at a rock and going "SHIT FALLS DOWN" as an attempt to render gravity understandable.

Re:claims (1)

jack2000 (1178961) | more than 4 years ago | (#30066488)

For the kind of people that run the patent system that really is understandable...:[

Re:claims (2, Insightful)

jpmorgan (517966) | more than 4 years ago | (#30066230)

Apparently the author at groklaw either doesn't understand patents, or doesn't understand the technology. Look at the very first claim:

One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.

Emphasis mine. Sudo does not do this. Thus, this patent does not cover sudo. Fini.

Re:claims (0)

Anonymous Coward | more than 4 years ago | (#30066346)

Emphasis mine. Sudo does not do this. Thus, this patent does not cover sudo. Fini.

The part you added emphasis to is:
in response to a task being prohibited based on a user's current account not having a right to permit the task

That is exactly how it works. gksudo at least, and whatever they call the sudo gui in OS X.

Double click an administration app that needs root, but under a user account.
Oops! There comes your gksudo dialog, from noticing that the app requires root and that you are not root, and asks for a password (Or just gives an ok/cancel button if password caching is on), and then behind the scenes runs the app again under sudo.

I fail to see how that example is not running sudo in response to a task being prohibited based on a user's current account not having a right to permit the task

Re:claims (1)

sopssa (1498795) | more than 4 years ago | (#30066396)

That is exactly how it works. gksudo at least, and whatever they call the sudo gui in OS X.

Double click an administration app that needs root, but under a user account.
Oops! There comes your gksudo dialog, from noticing that the app requires root and that you are not root, and asks for a password (Or just gives an ok/cancel button if password caching is on), and then behind the scenes runs the app again under sudo.

I fail to see how that example is not running sudo in response to a task being prohibited based on a user's current account not having a right to permit the task

Do we have to go down the list of every claim now? What about this one thats under it

identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights;

Does gksudo or OS X do this? Because it has to apply as well.

Re:claims (5, Informative)

jpmorgan (517966) | more than 4 years ago | (#30066404)

Except, gksudo doesn't come up in response to a failed security authentication. gksudo comes up because the control panel knows it needs administrator permissions and explicitly calls gksudo. gksudo is not sitting around behind the scenes, watching for authentication failures.

Re:claims (2, Informative)

plasmacutter (901737) | more than 4 years ago | (#30066354)

cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task

macos x does this

gksudo does this

This patent covers material which has been present in linux and macos X and is part of the evolving function of sudo. Fini.

Re:claims (1)

xenocide2 (231786) | more than 4 years ago | (#30066448)

gksudo does not do this. It's literally a GTK frontend to sudo. If you try to do something via gui that fails, gksudo will not suddenly run and ask you for prompts.

There are existing systems that do do this, like update-manager and PolicyKit.

Re:claims (1)

jpmorgan (517966) | more than 4 years ago | (#30066554)

I have no clue what OS X does, but gksudo does not. gksudo is just a graphical front end, it does not come up "in response to a task being prohibited based on a user's current account not having a right to permit the task." gksudo is in some instances called proactively and explicitly by certain programs (like gnome control center windows). But it does not transparently operate behind the scenes, elevating programs based on OS level privilege failures, as this patent describes. You are confusing proactive and explicit use with reactive and automatic use, as the patent covers.

Re:claims (1)

Xiaran (836924) | more than 4 years ago | (#30066386)

While Ill agree with you about sudo I would point out that many GUI systems including Linux and OS X *do* present a GUI when attempting to execute a task that requires higher permissions.

Re:claims (1)

jpmorgan (517966) | more than 4 years ago | (#30066442)

Presenting a GUI when attempting to execute a task that requires higher permissions, is not in response to a task being prohibited. gksudo in Linux is used proactively and explicitly by the control panel. This patent covers reactive and automatic elevation based on software behavior.

This IS already being done in Linux (2, Interesting)

gbutler69 (910166) | more than 4 years ago | (#30066460)

And I'm not just talking about sudo/gksudo etc....look at "Policy Kit". This is EXACTLY what this Patent describes. EPIC FAIL Microsoft! The FREE SOFTWARE WORLD has OUT INNOVATED YOU AGAIN! Been doing this for at least more than a year. Been in design/documentation/talked about for even longer.

Re:This IS already being done in Linux (1)

CannonballHead (842625) | more than 4 years ago | (#30066542)

This is EXACTLY what this Patent describes. EPIC FAIL Microsoft! The FREE SOFTWARE WORLD has OUT INNOVATED YOU AGAIN! Been doing this for at least more than a year. Been in design/documentation/talked about for even longer.

And UAC was in Vista, which was publically released in 2007, almost three years ago (it was released in January of 2007)... maybe MS should claim prior art. ;)

Re:claims (1)

tinkerghost (944862) | more than 4 years ago | (#30066512)

in response to a task being prohibited based on a user's current account not having a right to permit the task

Emphasis mine. Sudo does not do this. Thus, this patent does not cover sudo. Fini.

This is a patent on using a custom error handler as a wrapper to call sudo, so you're right: it's not sudo. On the other hand, using existing tools for what they are designed for isn't supposed to rise to the level of patent-ability.

Re:claims (1)

Shagg (99693) | more than 4 years ago | (#30066520)

Have you used any recent versions of Linux (within the last several years at least)? Login to the GUI as a regular user, click on something that needs root permissions, you get a popup box warning you and also requesting the root password. It's basically the exact same thing as this patent.

Re:claims (1)

nine-times (778537) | more than 4 years ago | (#30066534)

So if you change/drop any of the elements of this patent, is it not covered? Like if you don't have identifiers indicated other accounts having the right to permit the task, but you have the rest of it, can you say, "Sorry Microsoft, but your patent doesn't cover my implimentation."?

Re:claims (0)

Anonymous Coward | more than 4 years ago | (#30066556)

Lawyer talk. IRIX had this behaviour in the package manager ages ago (start package manager unprivileged, dialog requesting root password). Red Carpet has this for some time now.

Same difference, ridiculous patent.

Re:claims (1)

digitig (1056110) | more than 4 years ago | (#30066544)

The person analyzing this for groklaw is a lawyer well seasoned in tech and IP litigation, and disagrees with you.

Funny how you also don't provide the analysis into common english.

It's sudo with a gui, in other words: what macos does when you try to modify files in the system folder, or gksudo in linux.

It's sudo with a GUI, but it specifies features of the GUI that I've not seen on Linux (not that I'm much of a Linux guru). Yes, when I try to do something beyond my privs I might get a dialog offering to sudo, mut the Microsoft patent also seems to say that the dialog will actually offer the names of logins that do have the required privs, based on frequency of use and whether they're associated with the current user. that's something I've not seen. Not something I especially want to see either, but it suggests something more novel than a simple sudo GUI,

Re:claims (1)

greensoap (566467) | more than 4 years ago | (#30066134)

No mod points, so I just wanted to say thank you to the parent. Those claims do not cover sudo. Congratulations to the OP on using scare tactics to get to the front page os /. Well played good sir, well played.

POLICY KIT! (0, Redundant)

gbutler69 (910166) | more than 4 years ago | (#30066480)

http://hal.freedesktop.org/docs/PolicyKit/

Kill software patents (4, Interesting)

rolfwind (528248) | more than 4 years ago | (#30066148)

The big industry writes them up just as protection from patent trolls and then collude to keep small competition out (ie Microsoft was threatening that Linux was stepping on its patents back in the day).

Patents were made to spawn innovation - bypassing secretive guilds by incentivizing the opening of knowledge to public domain in exchange for a limited time monopoly. Projects and society are way too fluid now to keep many inane details secret anyway. There needs to be a study of which types of patents coming in provide useful knowledge to the People, and which majority are just wastes dumps of text - and amend the system accordingly.

I would urge the USA to do this now, while it is the leading superpower in which others follow suit. It may have been to our advantage in the past, but not so in the future, imo.

Re:claims (1)

alexborges (313924) | more than 4 years ago | (#30066164)

We call that "SELINUX".

GFYS.

Re:claims (5, Informative)

Halo1 (136547) | more than 4 years ago | (#30066196)

Remember that they all have to apply.

No, they don't. Only one independent claim (i.e., 1, 2 or 9) has to apply (at least it's like that in Europe), or an independent claim along with some dependent claims if you want a stronger case because then the claims become more specific and hence hopefully more distant from the prior are (e.g., 2 and 3, or 2 and 7 and 8).

This isn't exactly sudo.

That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.

Re:claims (1)

Victor_0x53h (1164907) | more than 4 years ago | (#30066210)

Is there a grammar or patent-writing rule prohibiting numbered points from containing more than one period? I wonder if this has anything to do with blanket approvals.

Re:claims (4, Insightful)

Adrian Lopez (2615) | more than 4 years ago | (#30066240)

Oh no, I've gone cross-eyed.

According to patent law, the above example of murder-by-verbiage is supposed to help third-parties implement the invention described, but the language employed is clearly designed to accomplish the exact opposite. I think it's time to put the patent system out of its misery.

Interesting circumlocution (3, Insightful)

jfengel (409917) | more than 4 years ago | (#30066320)

In an attempt to patent a thing rather than the software itself, they say:

One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:

In other words, it's not the operation itself, or the software, but the actual _disc_ that they're claiming. The medium, not the message, as it were. At least it's a physical thing.

I don't know if "downloaded software" would violate the patent, or if they'd try to claim that having it on the server's discs would violate it. (Surely they wouldn't try to claim that your hard disc on which you've downloaded it would violate the patent, would they?)

ARE YOU KIDDING? (1)

gbutler69 (910166) | more than 4 years ago | (#30066398)

Look at Ubuntu 8.04, 8.10, and 9.10 and tell me how this is different? It isn't.

Re:claims (4, Insightful)

wytcld (179112) | more than 4 years ago | (#30066410)

Where's your analysis of the degree to which this "isn't exactly sudo"? It's pretty damn close. If it comes down to the degree of "exactly," please provide some examples from patent case law that show that the degree of difference here is sufficient for the two programs not to be close enough to the same that sudo, had it been invented after this patent, wouldn't violate said patent.

I'm nothing like a patent attorney. But my understanding is that if someone invents a special right-angle shovel, and patents it, you're going to be in trouble even if your shovel head is only at an 80 degree angle rather than 90 degrees. If not at 80, certainly at 89.

Besides, this patent ends with language claiming that the method of implementation is only the preferred one, while the patent covers other methods of implementation of the same underlying concept. And in which sense is the underlying concept even a few degrees different from what sudo does? Your analysis?

Much more specific than the summary suggests (5, Informative)

Sockatume (732728) | more than 4 years ago | (#30066038)

If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.

Re:Much more specific than the summary suggests (2, Informative)

MBCook (132727) | more than 4 years ago | (#30066110)

So, like what OS X had a year or two before Vista?

Re:Much more specific than the summary suggests (1, Informative)

Anonymous Coward | more than 4 years ago | (#30066174)

No. OS X doesn't present a list of accounts which you can use to get privilege with, for one thing.

Re:Much more specific than the summary suggests (4, Informative)

plasmacutter (901737) | more than 4 years ago | (#30066126)

If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.

macos x has been doing this since its inception.

gksudo has been around for a long time as well.

this is NOT new.

Re:Much more specific than the summary suggests (3, Insightful)

Sockatume (732728) | more than 4 years ago | (#30066154)

Perfectly good examples of prior art that the author of that article skipped in favour of a content-less rant.

Re:Much more specific than the summary suggests (0, Redundant)

CannonballHead (842625) | more than 4 years ago | (#30066252)

gksudo escalates as required/when the system determines it is required?

In all my usage of *IX systems, I've always had to either use sudo before I ran something, whether that's in a script or a program calling it and waiting for the user, etc.

That's different from UAC. Which is why the OP said

escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

Re:Much more specific than the summary suggests (1, Redundant)

plasmacutter (901737) | more than 4 years ago | (#30066306)

and I'm telling you macos x does that already.

continually telling me the same thing over and over does not make it different.

Re:Much more specific than the summary suggests (1)

CannonballHead (842625) | more than 4 years ago | (#30066336)

gksudo has been around for a long time as well.

I was responding to that.

I have barely used mac os's so I don't want to comment on those, I'll let people that have used it comment.

Incidentally, Apple is no stranger to patents and lawsuits, so if this Apple has prior art, I'm sure they'll let us know...

Re:Much more specific than the summary suggests (1)

CannonballHead (842625) | more than 4 years ago | (#30066352)

On an unrelated note, I didn't realize I responded to you in a different comment. Not trying to troll your comments or something. (just in case the thought arose)

Re:Much more specific than the summary suggests (1)

paxswill (934322) | more than 4 years ago | (#30066504)

IIRC, that's not quite correct. I haven't done any Cocoa recently that required root privileges, but most of the time you mark a task as requiring admin access, and the use is then prompted for a password (normally. If the current logged in user is an admin, and has no password, it will pass through I think). It asks for any user, but just fills in the user name for the currently logged in user if it's an admin. Basically, it will ask for a PW any time it needs sudo, no matter the user (unless the user is root).

Re:Much more specific than the summary suggests (1)

MobyDisk (75490) | more than 4 years ago | (#30066340)

In all my usage of *IX systems, I've never had to do an sudo before I ran something. When I run the app downloading tool thingy, or changed something in the control panel, it just prompts me for a root password. Pardon me for being a Linux neophyte, but I just thought that the UAC prompt was Microsoft's version of the same thing (except that it pops-up at stupid times and asks you the same thing 3 times over).

My knowledge is dated - I think it was Mandrake Linux that did that. Although more recently I saw Ubuntu do it too.

Re:Much more specific than the summary suggests (1)

CannonballHead (842625) | more than 4 years ago | (#30066408)

But it's how that "tool thingy" implemented it that is the question. Using apt requires sudo. If the downloading tool thingy is simply a wrapper for apt (in this example), then it could very likely be calling sudo (or a GUI sudo)... but it's the application that is specifying the need to run sudo. It's not the OS determining "Hey, you can't do that! Do you want to sudo?" At least in my experience, when you try to do something you're not allowed to do in Linux, you get a Permission Denied type response. At lower levels, at any rate; wrappers to these responses may retry with sudo or su or whatever.

It looks like the patent is specifically referring to intercepting things you're not allowed to do and instead of just failing, asking you to authenticate (/telling you that an application is trying to do that, do you want to let it?).

Re:Much more specific than the summary suggests (1)

sopssa (1498795) | more than 4 years ago | (#30066328)

You're forgetting the other claims in the patent. Yeah it's easy to read the summary/abstract of patent and come up with "lol this have been done for so long!" while ignoring what the patent is actually completely claiming. Neither Mac OSX or sudo or gksudo cover what this patent is claiming.

Re:Much more specific than the summary suggests (4, Informative)

Qzukk (229616) | more than 4 years ago | (#30066422)

Yeah, going to have to agree here. Not only is it specifically an interface brought up after you've tried to do something you're not allowed to (which is what makes it "not sudo"), this interface will give you a list of users who ARE allowed to do it (rather than just the admin account), which is what separates it from all the other implementations of this kind of security that I know of (eg cash registers that stop and require manager intervention or Windows's earlier "You look like you're trying to install a program, would you like to be administrator?" popup).

Actually the summary is basically correct (0)

Anonymous Coward | more than 4 years ago | (#30066550)

If using an Administrator action on a Linux system you already get a GUI dialogue to see if you wish to elevate your privileges for that one action, that involves putting in a password but it is the same action.

However the real reason the article is correct is because the patent is actually patenting the notion of elevating your privileges, it chooses to describe how that might work in terms of the UAC of Vista/Win7 but it does not limit itself to that implementation.

So, in effect, Microsoft is patenting sudo

Thought all was safe on the crazy patent front? (1, Troll)

EraserMouseMan (847479) | more than 4 years ago | (#30066050)

What rock did you just crawl out from under?

Re:Thought all was safe on the crazy patent front? (1)

Captain Splendid (673276) | more than 4 years ago | (#30066292)

What rock did you just crawl out from under?

The one where /. FUDs TFS for pageviews?

Wah! Wah! (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30066062)

We, the stupid open source hippies, are too dumb to patent something.
WWWAAAAHHHHH!!!

Using a *NIX desktop would suck... (4, Funny)

stakovahflow (1660677) | more than 4 years ago | (#30066080)

without "sudo". My thanks to Micro$oft for inventing that great program! --Stak

Re:Using a *NIX desktop would suck... (5, Funny)

marcansoft (727665) | more than 4 years ago | (#30066272)

Meh, I rarely use sudo. I guess I'm just not too used to it. So su me.

Re:Using a *NIX desktop would suck... (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#30066454)

Same here, sudo as it is incredibly inconvenient. When you're performing tasks that require root on Linux, you usually have to type in many commands at once to establish that task.

It's a lot more convenient to just su for root, do the thing and then su back, instead of writing the goddamn sudo all the time.

This just in! (0)

Anonymous Coward | more than 4 years ago | (#30066120)

Groklaw posts an article against some action by Microsoft! Slashdot reports on it!

Doubters abound! Questions Arise!

Who's right? Who's wrong?

Nobody cares.

Interestingly, the word of the day is accuracy.

Re:This just in! (1)

CannonballHead (842625) | more than 4 years ago | (#30066264)

Who's right? Who's wrong?

Neither, who's on first.

$andwich (1)

bunhed (208100) | more than 4 years ago | (#30066130)

$> sudo bill make me a sandwich

Re:$andwich (1)

MrSenile (759314) | more than 4 years ago | (#30066194)

sudo: command not found: Microsoft has just charged your account for attempting to access 'bill' to make 'sandwich'.

Re:$andwich (1)

CannonballHead (842625) | more than 4 years ago | (#30066312)

What is this error syntax you use and where did it come from? ;)

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>sudo
'sudo' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Administrator>

Re:$andwich (1)

sopssa (1498795) | more than 4 years ago | (#30066510)

His Linux distro is pretty fucked up if it lets Microsoft to bill him.

Link (0)

Anonymous Coward | more than 4 years ago | (#30066288)

http://xkcd.com/149/

Stop with the alarmist headlines already (1, Insightful)

techno-vampire (666512) | more than 4 years ago | (#30066156)

I know Slashdot loves to exaggerate things in headlines, but this is absurd. Microsoft has not patented sudo's behavior. At most, it has applied for a patent who's claims could be twisted to make it look like they're trying to patent sudo. Calm down, everybody, it's just an application, the patent hasn't been awarded and, if it's as ridiculous as the summary claims (and I have my doubts about that, too) it's unlikely to be granted.

Re:Stop with the alarmist headlines already (1)

alexborges (313924) | more than 4 years ago | (#30066204)

Yes... your paranoia, people, is not justified. Microsoft never attempts to patent the obvious and then claim bogus issues with competitors.

Re:Stop with the alarmist headlines already (0)

Sockatume (732728) | more than 4 years ago | (#30066280)

So your argument is sometimes, therefore always? Jumping at shadows and concocting specious justifications post hoc makes Microsoft's opponents look like quacks.

Re:Stop with the alarmist headlines already (2, Interesting)

lilo_booter (649045) | more than 4 years ago | (#30066310)

Yes, MS has applied for a patent on sudo's behaviour and that is what the title is ridiculing - as should we. Regardless of their success or failure, we're entitled to point and laugh.

Re:Stop with the alarmist headlines already (3, Informative)

reebmmm (939463) | more than 4 years ago | (#30066392)

Not true. This is an ISSUED patent; see the patent number: 7,617,530. You can also check its status in public pair (http://portal.uspto.gov/external/portal/pair):
10-21-2009 ISSUE.NTF Issue Notification 1
10-01-2009 IFEE Issue Fee Payment (PTO-85B) 1
10-01-2009 LET. Miscellaneous Incoming Letter 1
10-01-2009 WFEE Fee Worksheet (PTO-875) 2
10-01-2009 N417 EFS Acknowledgment Receipt 2
08-24-2009 NOA Notice of Allowance and Fees Due (PTOL-85) 10

I'll draw your attention to the first and last lines in the excerpt from the file wrapper.

That said, the claims DO NOT cover sudo.

"patent this obvious idea" (5, Funny)

Anonymous Coward | more than 4 years ago | (#30066160)

Patent Office: "Rejected."

Microsoft: "sudo patent this obvious idea"

Patent Office: "Okay."

With apologies to xkcd [xkcd.com] .

They didn't get it on their first try... (5, Funny)

BobMcD (601576) | more than 4 years ago | (#30066226)

MS: Grant me this patent.

USPTO: No!

MS: Sudo grant me this patent.

USPTO: Okay...

Just like XKCD (0, Redundant)

kabloom (755503) | more than 4 years ago | (#30066284)

Microsoft walked up to the patent office, and said "Give me a patent." The patent office said "No, there's prior art." Microsoft asked again "Sudo Give me a patent." The patent office replied "OK."

http://xkcd.com/149/ [xkcd.com]

Just curious (0)

Anonymous Coward | more than 4 years ago | (#30066332)

Patent troll has been a business model for some time now, just wondering if Patent Troll was also a job title or at least the name of a department? Are they kept in the basement or is Microsoft upscale enough to build them their own bridge to live under?

So what, they can have it. (0, Flamebait)

smoker2 (750216) | more than 4 years ago | (#30066342)

sudo is shit. What is the point anyway ? Either you've got root, or you assume it with sudo and have exactly the same privileges.

sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file (unless the -P option was specified). If the invoking user is root or if the target user is the same as the invoking user, no pass- word is required.

Re:So what, they can have it. (1)

CannonballHead (842625) | more than 4 years ago | (#30066426)

As I recall, you can set up sudo to only allow certain commands. If you are careful with what commands you allow sudoers to run, you can limit the amount of root activity they are allowed.

Re:So what, they can have it. (1)

John Hasler (414242) | more than 4 years ago | (#30066464)

> sudo is shit. What is the point anyway ? Either you've got root, or you
> assume it with sudo and have exactly the same privileges.

Wrong.

man sudo
man sudoers

Re:So what, they can have it. (1)

HeronBlademaster (1079477) | more than 4 years ago | (#30066546)

It's not about having root, it's about not having a root shell open. If I need to run /bin/foo as root, then it's preferable to run it with sudo than by invoking "su" and then running it as root, because with sudo I do not run the risk of forgetting to exit the root shell and then doing something else stupid in that shell.

Your argument may now be "well don't be stupid", but that's an entirely different issue, and doesn't mean we shouldn't have sudo around.

Seems to be describing what Ubuntu (Gnome) does (3, Interesting)

ericthughes (1015253) | more than 4 years ago | (#30066384)

when you attempt to mount a drive that is not defined in fstab. Ubuntu pops up a "enter your password" dialog. M$ maybe up to some dirty old tricks here...

It's the other way round actually... (4, Funny)

pandrijeczko (588093) | more than 4 years ago | (#30066420)

...with Windows' lax control of permissions allowing just about anybody to run as a super user, surely they should have a patent for "sudon't" which would probably be infinitely more useful?

Liunx schminux (1)

wmduncan (888561) | more than 4 years ago | (#30066430)

Come one now - your bias is showing... sudo existed on UNIX before Linus Torvalds was a gleam in his father's eye....

What does functionality have to do with anything? (3, Insightful)

91degrees (207121) | more than 4 years ago | (#30066458)

There are thousands of patents for devices that duplicate the functionality of another. Hell, the diesel engine has exactly the same function as a petrol engine, and much of the functionality of a Newcomen engine (pressure difference driving pistons to provide a motive force).

The patent is on the process. Not the end result.

Now the process is pretty much indistinguishable from sudo as well, but if you're going to criticise at least criticise for the right reasons.

Prior art? (1)

Dumnezeu (1673634) | more than 4 years ago | (#30066478)

Didn't OS X do this already?

I have prior work (5, Interesting)

rkuris (541364) | more than 4 years ago | (#30066482)

I am the original author of "priv", which came before sudo, and I didn't see any mention of it. This utility was published in Unix World back in 1987, and basically did the same thing. Does this mean "priv" is exempt from this patent?

Waiting on this story... (1)

Caviller (1420685) | more than 4 years ago | (#30066492)

Company X patents government.

Company X today has patented the business process know as 'government'. Governments are now required to give X dollars in license feeds per year to Company X in order to stay a sovereign country. Failure to pay fees will result in abandoning you right to sovereignty and becomming a subsideary of Company X. USPTO's response said that this will spur inovation and development of countries by helping them all work as one instead of all the different types there are today.


Comments:

Well....(Score: 5, Sad)
Aparently America has already forgot to pay the fees....lol, i kid,i kid....maybe ;)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>