| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200911121536.nACFaJuo032210@core.courtesan.com> Date: Thu, 12 Nov 2009 10:36:19 -0500 From: "Todd C. Miller" <Todd.Miller@...rtesan.com> To: Leandro Malaquias <lm.net.security@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Microsoft Patents the "sudo" command In message <4AFC1708.7040508@...il.com> so spake Leandro Malaquias (lm.net.security): > Website: http://gizmodo.com/5402796/microsoft-patents-the-sudo-command > Patent: > http://patft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1 > &u=/netahtml/PTO/srchnum.htm&r=1&f=G&l=50&s1=7,617,530.PN.&OS=PN/7,617,530&RS > =PN/7,617,530 This doesn't sound like it would cover sudo to me, or even a GUI-wrapper for sudo. While I am not a patent attorney, I have been hacking on sudo for the past 15+ years. My reading of the patent indicates that it is geared towards GUI-based environments where the user may need to perform some action (such as setting the clock in a control panel) that requires increased privileges. The actual "invention" appears to be that the user is able to perform an action as a different user without having to type in the name of that other user when authenticating. One example given in that patent is the ability to click on a name in a list of privileged users as opposed to having to type in a user name. Sudo simply doesn't work this way. - todd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists