Microsoft Patents sudo
Jimmy O Regan writes "Justin Mason (of SpamAssassin fame) has this blog entry: US Patent 6,775,781, filed by Microsoft, is a patent on the concept of 'a process configured to run under an administrative privilege level' which, based on authorization information 'in a data store', may perform actions at administrative privilege on behalf of a 'user process'."
So, I guess the prior art will be easy to show... right?
5468652047616D65
I don't think I've seen a true unprivileged user under an M$ system yet. Everyone is talking about previous art, which is definitely around, but I'd say make M$ prove they actually understand sudo before you start complaining about "I saw it first."
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Hmmm, I'm wondering if they are trying to "patent" the process by which hacks and 'sploits use to elevate their rights so that they can throw "patent" infringement charges at the authors of worms / viruii and other malicious malware type stuff, in addition to the tired old "hacking" charges. Then, with the recent change in the political wind, they can use Federal Agents under the Patriot Act to hunt down and arrest those "terrorists" - or was that from "copyright" infringement? I'm getting those two as confused as the congressmen and federal agencies are!
Who is general failure, and why is he reading my hard drive?
I'm not really worried about patents like these because I feel that the whole patent issue is coming to a head, and that in the end, things will change. Silly patents will not even be contested in court, and many will be tossed out for sheer silliness.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
The American patent system is so out of control, it's unbelievable. The companies that abuse the overworked, underqualified patent office to stack up dubious patents for future ammunition against competitors ought to be sanctioned!
;)
I don't have words to express how angry this IP grab makes me - and I'm not even an American! Did the Patent Office do any looking into prior art in this case at ALL?
Whose brilliant idea was it to give corporations the same legal rights as an individual? I wonder if this kind of crap would happen if only individual inventors could apply for patents, whether or not they were funded by a company that paid for their research. Hell, make it illegal for companies to defend patents or fund the defense of their employees' patents - make it up to the inventor to go to court and defend themselves! Jail time if prior art is found!
Research would still get funded, but only for the purpose of improving products, not for expansion of intellectual property portfolios.
IANAL (obviously), I know these are probably stupid suggestions, but damn it, we need some extreme methods to match the extreme opportunism shown by these companies. Anyone else have other pie-in-the-sky, impractical ideas for changing the US patent system?
Companies are getting rich by stealing the future inventions of people with these generic fucking patents. What are the odds that those who invented the patenting process actually envisioned it being twisted around and allowing people to patent ideas, and concepts, the like of which they themselves have no idea how to achieve.
The idea of a patent is, or at least should be, to patent an invention. Not some task or distant goal which you can imagine some day being achieved, but are unable to currently achieve yourself.
Imagine if Ford had been able to patent the automobile in generic enough terms so that any motorized land vehicle was covered... Where would we be today if wine makers had patented the fermentation process before beer had existed?
IMHO, patents should be for very specific inventions, and processes, which you have invented, and can accurately demonstrate at the time of patent request, and which of course didn't exist in its current form prior to your invention.
The computer industry, and its money sucking lawyers have been allowed to chisel away at the wording and verbiage of the patent laws to such an extent that you are now able to patent just about any idea/concept someone may have down the road. Just think about the stifling of innovation if those science fiction writers of the 50's had patented all that they foresaw.
What makes me mad is that no one has yet come forward and shown prior artwork for a patent on lawyer wielding companies who make their money by exploiting the ideas and innovations of others through a series of generic and vaguely worded patents and threats. Perhaps then this whole mess would disappear.
The article's headline may be a little misleading, as it looks like Microsoft isn't directly patenting "sudo", but rather the concept of "a process configured to run under an administrative privilege level." Microsoft patenting "runas" may be a better description.
It would be cool if it didn't suck.
Personally I hope the Patent office continues granting MS patents that have such prior art ---- two things will happen -- 1) it makes the patent office look to be a joke and can be used in court against patents in general and 2) makes MS look to be even more a fool seeings how they really should know better than to file such patent applications for such prior art stuff in software...
Pubpat or the Electronic Frontier Foundation
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
Although it's easy to view this patent as a frivolous innovation that will probably be overturned (eventually) if MS chooses to pursue action against competitors, the danger is in the precedent that is continually being set by the USPTO. By failing to adequately examine the concepts behind these obvious patents (eg, running a process authorized by root, single/double/triple clicking a mouse, etc.), our patent system is perverted into one where the burden falls on new inventors to prove that their innovations do not infringe on patents, rather than a system where the burden falls on patent-holders to prove that their IP has been infringed upon.
This strategy may work in the US, where we can simply put the inventor^h^h^h^h^h criminals in jail (note that the US already has among the highest incarcerated population %-ages), but it probably won't hold up well against the rest of the world, especially the parts that don't think the USPTO is the last word. Unless we can start to incarcerate a larger percentage of the world's population for infringing on US IP, this strategy may not prove to be sustainable.
Perhaps corporate sponsorship of prison facilities would help make this strategy a winner...
My theory is that Microsoft is patenting all these things so they can use it as part of a marketing campaign to PHBs when Longhorn comes out. Something to the effect of, "Why take the risk of running Linux when we own the patents on everything they use?" I know a few people it would convince pretty easily... Tis all FUD.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
It's old news, but I wonder whether the Slashdot crowd has found this patent:
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=20030189597&OS=20030189597&RS=20030189597
The most interesting part is the images. There you can actually see the Gnome logo. (There is an extra karma bonus for the first who finds the KDE logo;)
So Microsoft have already begun patenting Linux.
It is true that M$ cannot buy GPL code, but it can buy the coders.
Now, guess what will happen after the fiaSCO is over.
Bruce Perens brought this up in a previous patent article and I can't find the post atm. IIRC, it's a criminal offense to knowingly file a false patent. I would assume it falls under perjury. Of course, you don't see anybody actually being prosecuted for this.
I don't want knowledge. I want certainty. - Law, David Bowie
"Is there any penalty for filing patents for which you KNOW prior art exists?"
Well, if the system worked, you would lose your filing fee without getting a patent.
I strongly suspect that this is a reaction to the Eolas patent. Microsoft is now patenting *everything* they want to do. If the patent doesn't stand up due to prior art in the public domain, no problem: no one will be able to enforce that kind of patent *against* them either. If it does hold up, then they have prevented anyone else from patenting the same thing. Either way, they avoid the embarrassment of the Eolas situation. Worst case scenario: they have to license from someone else because the patent already exists.
I think su also counts as prior art. The data store is /etc/groups (must be in wheel) instead of /etc/sudoers, and the program that actually gets run is a shell, but I'm not sure how that makes it different.
I rarely criticize things I don't care about.
To get it passed, make some pictures. Take a screen shot of M$'s update notification and then add some preview buttons, a block diagram and other widgets. You might not be able to patent M$'s dinky notification, but you can keep them from improving it. That's what they are trying to do to Gnome's Pager.
Friends don't help friends install M$ junk.
A patent filer has to place some money in escrow as a hedge against anyone finding prior art within, say, two years.
25K or 50K is nothing to MSFT, but is big bucks to the new profession of patent hunter. No prior art search occurs before it's granted (just like today, heh heh), but the cash is forfeited if it's a prior art patent.
The escrow cash increases as the number of bounties previously claimed against your patents increases.
I can certainly see how this could apply to sudo.
executing an administrative security process under the administrative privilege level;
bash forks/execs the sudo process, which gains root privileges through the setuid bit.
the administrative security process accepting a request from a user process executing under the non-administrative privilege level to initiate a particular administrative method
The request is passed on the command line and accepted by sudo.
the user process calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method; and
Now, this depends on your definition of a method. If an executable program counts as one - and it should, as most administrative tasks under UNIX use separate commands - then this fits perfectly.
the administrative security process calling the identified particular administrative method on behalf of the user process and providing the arguments to said identified particular administrative method.
Sudo execs the requested program. QED.
The thing is, the patent doesn't specifically say the privileged process has to handle multiple requests. Sudo DOES run in its own process before it transfers control.
Karma: Segmentation fault (tried to dereference a null post)
Wondering.
This "prior Art" of which everyone is speaking.
Would it apply to a full-form patent application posted publicly?
Meaning, if I present here the idea of a type of list-browsing method where the user is presented with newest added or scanned items inserted into the next selected cursor position in an updateable or actively updating list as they browse arbitrarily sorted or ordered items or values, that this declaration itself constitutes prior art (if, theoretically, the language was legally sound)?
Even if it's not prior art it's still a good idea huh?
I digress.
Is the concept of an "open patent" even applicable legally? I hope so, because I have some ideas that I would like to open up (and I have the feeling I'm not the only one).
It would be great, having this huge database of ideas that any designer or engineer could feel free to implement or incorporate or merely look into for inspiration.
Competition is good in practice, but cooperation is better in play.
So, it's somewhat questionable if sudo would really block the claims. I'm sure if one were to send the patent office the sudo info, MS would argue that they have an "already running admin. process" that then actively accepts requests from other user processes.
you may be correct... I wonder, in security terms, if it's a good idea to have such a thing constantly on, like you describe.
5468652047616D65
Ugly and insecure I know but my choices were to get off my ass every time the server bogged (not bloody likely), give every bozo with enough rank to work overtime for free admin and show them how (even less likely, I'd quit first) or implement an ugly kludge that could screw things up royal if used by morons.
I also realize upgrading to an OS that didn't leak memory in its network service was a long term option.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
This is no flame, but an honest question.
It has been said before that employees of the PTO are paid on a per patent basis. I don't know whether this is true, but it seems the PTO has to start to be held accountable for its practices.
If a company has to go through a lot of legal expenses to prove a patent invalid, can the PTO be backcharged? Or could one sue directly if the negligence was obvious?
Forget about sudo, what about the OS itself?
One function of most OS's is to let a process request a function, which is priv'd (the process has no other way of doing it except through the OS) and then carrying out that function in the privileged context of the OS.
If it must be a separate server, how about XDM, samba, Oracle, or even apache?
And think outside of Unix. VMS has a whole slew of different privileges which can be set for any account, with SYSPRV (one bit of many) corresponding to Unix's "root".
More to the point, these priv bits can be set on installed images. See for instance:
http://vms.process.com/scripts/vmshelp/vmshelp.com/help/INSTALL/ADD/QUALIFIERS#PRIVILEGED
So while "JOE" might not be able to do PHY_IO the software process controlling the disk array can do so on his behalf.
Of course Microsoft certainly knows all about this since they stole##### "borrowed" this concept from VMS when they put together Windows NT.
ssh allows (via authorized_keys) to execute selective remote/local actions by certain authenticated entities. And it is all highly configurable:
- who can execute remote (or local) commands
- what operations (commands) can be executed
- using what privileges (via setuid/setgid bits and command owner/group)
And since the agent (sshd) is a permanently running process, there's really nothing new in this patent as described. Am I missing something?
Sudo isn't a great example.
Setuid is.
Your X window system runs setuid root so that when you execute a command (say run a quake3 game) it is able to access the 3-d rendering stuff in the hardware. Something that only an administrator can normally do.
Say you have an executable, "ls" for instance. As a regular user:
# which ls
# cp ls ~/lsmega
# sudo chown root lsmega
# sudo chmod a+s lsmega
# ls -ld /root
drwx------ 49 root root 4096 Aug 7 18:49 /root
# ls /root
/bin/ls: /root: Permission denied
# ls -l lsmega
-rwsr-sr-x 1 root user 75948 Aug 21 01:29 lsmega
# ./lsmega /root
(root directory file listing)
Now users can execute that file and when doing so they use administrative permissions.
You could also include that file in a script, so that the script executes it will use your user's permissions until your script will execute that command using root permissions.
You can set up a daemon to do that, too. So that when an application or whatever wants to use FTP to access your machine you can set it up to use root permissions (not that you'd want to!)
Hence lsmega provides the user's process (your terminal) administrative rights for viewing files. Exactly what is located in the patent.
not only would the applicant lose the patent and the filing fee, the filing fee would be awarded to the individual who provided the first prior art which invalidated the patent.
In the UK, if you want to get permissions to build on land, or change how your land drainage works, set up certain types of businesses in residential areas, etc, you have to have the details published in the local newspaper and anyone who wants to complain about them can do so.
Why don't we do the same with patents? When a patent regarding, say, computing comes out.. why doesn't it end up in PC Magazine, or on Slashdot, for peer review? That way, anyone who has a complaint about the patent can register it with the patent office, and we can stop silly stuff like this happening.
I can't get the article at the moment (slow net connection), but based on the other comments, I think I have prior art on this. I'm not a genius and I suspect that others have done similar things.
Our user management is handled by two guys who don't have strong UNIX skills. They have to set up users, add mail aliases and set passwords etc. The operator type roles that sys admins like to delegate.
They are trusted individuals in the sense that they won't intentionally damage a system, but their experience is such that they can, and have caused accidental damage (one of them deleted all lines in the mailaliases file using vi by mistake).
I wrote a menu wrapper for their logins that allows them to request certain functions be performed (password wipes etc.). When they action a function, a temporary lock file is written to a directory (/var/local) that only their group can write to. A cron job, running as root, executes every minute and if a lockfile exists, will perform the command (with some sanity checking involved - e.g., it's not possible to change password if the requested user has a UID less than 100).
It's not 100% secure, but it does the job. I don't have a patent on it, but it's worked for the last couple of years without problems.
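The spool-and-cron design described in the comment above, sketched as an added example (not the commenter's code): the root-side job treats every request file as untrusted input and only ever builds a fixed argv. The action names, the `ACTION USERNAME` file format and the `uid_of` lookup are assumptions; only the UID 100 floor comes from the comment.

```python
import contextlib
import os
import re
import stat

MIN_UID = 100  # floor taken from the comment: never touch accounts below UID 100
MAX_BYTES = 128
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
# Hypothetical action names mapped to fixed argv prefixes (shadow-utils commands).
ACTIONS = {"expire-password": ["passwd", "-e"], "lock-account": ["usermod", "-L"]}

class Rejected(Exception):
    """Raised when a request must not be acted on."""

def read_request(path):
    """Read a request file without following symlinks or trusting hard links."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise Rejected(f"cannot open safely: {exc.strerror}")
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise Rejected("not a plain single-link file")
        data = os.read(fd, MAX_BYTES + 1)
    finally:
        os.close(fd)
    if len(data) > MAX_BYTES or not data.isascii():
        raise Rejected("oversized or non-ASCII request")
    return data.decode("ascii")

def build_argv(text, uid_of):
    """Turn 'ACTION USERNAME' into an argv list, or raise Rejected."""
    fields = text.split()
    if len(fields) != 2:
        raise Rejected("expected exactly: ACTION USERNAME")
    action, user = fields
    if action not in ACTIONS:
        raise Rejected("action not on the allowlist")
    if not USERNAME_RE.fullmatch(user):
        raise Rejected("malformed username")
    uid = uid_of(user)  # in production this would wrap pwd.getpwnam
    if uid is None or uid < MIN_UID:
        raise Rejected("unknown or system account")
    return ACTIONS[action] + [user]

def process_spool(spool, uid_of):
    """Consume every request in spool; map filename to argv or a rejection."""
    results = {}
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        try:
            results[name] = build_argv(read_request(path), uid_of)
        except Rejected as why:
            results[name] = f"REJECTED: {why}"
        with contextlib.suppress(OSError):
            os.unlink(path)  # each request is consumed once, valid or not
    return results
```

The root cron job would hand each returned argv list to `subprocess.run` without a shell, so nothing in a request file is ever interpreted as shell syntax.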
One can name over a dozen OSes that garnered the famed Class B1 Trusted OSes status that provided this feature set since 1983. Most of them will never see the light of day due to their classified status.
Perhaps, the U.S. Patent Office should consider investigating for possible industrial payola to their underpaid $60,000/yr GS-5 ranking corporate-rejecting $125K real bad diploma-milled reviewers.
You are not getting the point.
Microsoft knows these patents are bullshit -- they're not stupid. They're counting on the patent office being stupid enough to approve them so they can hold them over someone's head in court.
If Microsoft can force enough delays to buy a government and a reprieve from their due penalties, what in the world makes you think anyone other than IBM can afford to defend against this crap?
The process of resolving patent disputes is only a problem because the reviews are performed by untrained monkeys with no experience in the field they're reviewing. Even the Canadian government has the sense to assign the reviews for R&D claims to workers with industry experience, but not the USPTO.
Hell no, that'd interfere with the smooth flow of money back through the lobbyists and "donations".
I do not fail; I succeed at finding out what does not work.
One of the inventors at Microsoft appears to be this gentleman, who works on Apache and is a "founding member of the OpenSSL project". If an OpenSSL guy is unaware of sudo, we're living in Bizarro world.
But that's not how corporate research works. Nobody cares how good the patents you get are. Microsoft cross-licenses with all their competitors, anyway. Modern corporate researchers just produce legal fodder -- a slew of patents, which can be used to prevent new entrants from entering a field -- existing oligopolies are maintained by cross-licensing of patents.
May we never see th