Re: [Full-disclosure] Microsoft Patents the "sudo" command

Total propaganda, if you read it properly you will see.. Ms will not ever own or patent the sudo command. They offer a list of accounts which will be needed when elevated privileges are required.. Sudo doesn't do anything like this at all..

Long live Unix commands, down with the cmd.

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Todd C. Miller
Sent: 12 November 2009 15:36
To: Leandro Malaquias
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Microsoft Patents the "sudo" command

In message <4AFC1708.7040508@xxxxxxxxx>
so spake Leandro Malaquias (lm.net.security):

Website: http://gizmodo.com/5402796/microsoft-patents-the-sudo-command
Patent:
http://patft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=P
ALL&p=1
&u=/netahtml/PTO/srchnum.htm&r=1&f=G&l=50&s1=7,617,530.PN.&OS=PN/7,617
,530&RS
=PN/7,617,530

This doesn't sound like it would cover sudo to me, or even a GUI-wrapper for sudo. While I am not a patent attorney, I have been hacking on sudo for the past 15+ years.

My reading of the patent indicates that it is geared towards GUI-based environments where the user may need to perform some action (such as setting the clock in a control panel) that requires increased privileges. The actual "invention" appears to be that the user is able to perform an action as a different user without having to type in the name of that other user when authenticating. One example given in that patent is the ability to click on a name in a list of privileged users as opposed to having to type in a user name.

Sudo simply doesn't work this way.

- todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Re: [Full-disclosure] Microsoft Patents the "sudo" command
    ... GUI-wrapper for sudo. ... While I am not a patent attorney, ... of privileged users as opposed to having to type in a user name. ...
    (Full-Disclosure)
  • [sudo-announce] Sudo version 1.6.8p1 now available (fwd)
    ... [sudo-announce] Sudo version 1.6.8p1 now available ... Sudo version 1.6.8, ... fix for a security flaw in sudoedit that could give a malicious ... After reading through the patent ...
    (Bugtraq)
  • Re: [kde] su identification
    ... assumes that you wish to invoke the root account and will demand Root ... A user may ONLY sudo as allowed in the /etc/sudoers ... allowing a command with any parameters ... This config allows my normal user to do whatever he'd normally be able to ...
    (KDE)
  • Re: Apple recommending anti-virus software for Macs?
    ... > To be ultra-safe with the 'rm' command, ... Not a bad idea for root, It would drive me nuts in my user account. ... downloads directory and executing it. ... That I type an EOF is a trivial difference versus 'sudo' exiting ...
    (comp.sys.mac.system)
  • Re: any way to track commands of a user logged in through ssh
    ... applies _to that command only_. ... the command they want to run with 'sudo', ... I use/run a Shell command that requires 'root' privileges...Especially ... So what do you think about creating a separate 'group' for certain ...
    (comp.os.linux.misc)