lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Nov 2009 10:36:19 -0500
From: "Todd C. Miller" <Todd.Miller@...rtesan.com>
To: Leandro Malaquias <lm.net.security@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Patents the "sudo" command

In message <4AFC1708.7040508@...il.com>
	so spake Leandro Malaquias (lm.net.security):

> Website: http://gizmodo.com/5402796/microsoft-patents-the-sudo-command
> Patent: 
> http://patft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1
> &u=/netahtml/PTO/srchnum.htm&r=1&f=G&l=50&s1=7,617,530.PN.&OS=PN/7,617,530&RS
> =PN/7,617,530 

This doesn't sound like it would cover sudo to me, or even a
GUI-wrapper for sudo.  While I am not a patent attorney, I have
been hacking on sudo for the past 15+ years.

My reading of the patent indicates that it is geared towards GUI-based
environments where the user may need to perform some action (such
as setting the clock in a control panel) that requires increased
privileges.  The actual "invention" appears to be that the user is
able to perform an action as a different user without having to
type in the name of that other user when authenticating.  One example
given in that patent is the ability to click on a name in a list
of privileged users as opposed to having to type in a user name.

Sudo simply doesn't work this way.

 - todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists