| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Nov 2009 13:47:36 -0500 From: "Todd C. Miller" <Todd.Miller@...rtesan.com> To: Valdis.Kletnieks@...edu Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Microsoft Patents the "sudo" command In message <7897.1258048751@...ing-police.cc.vt.edu> so spake (Valdis.Kletnieks): > Umm... my check of my 'sudo' manpage says that the '-u username' is > optional, and I don't remember having to use '-u root', so it's supported > doing it without having to type the target username for years... Sudo has always defaulted to running commands as root. > Unless I'm misunderstanding your interpretation of the invention and how > it compares to traditional sudo usage? It's very possible that I am not doing a good job of explaining my interpretation. As I see it, the invention is about providing the user with a list of privileged users with the appropriate rights to perform the action in a GUI when the user tries to perform an action that they don't have sufficient rights to do. If you read the patent in question, in all its TIFF glory (what do they have against text?) they list a number of possible scenarios. Sudo doesn't contain any logic to try and figure out what user a command should be run as in order for it to succeed (and no, root isn't always the right answer, especially when NFS is in the picture). - todd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists