lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <DEF48B74C2B9A041B12DF257E0E136DD022B9B5A8B@susday212.corp.ncr.com> Date: Thu, 12 Nov 2009 11:27:30 -0500 From: "McGhee, Eddie" <Eddie.McGhee@....com> To: "Todd C. Miller" <Todd.Miller@...rtesan.com>, Leandro Malaquias <lm.net.security@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Microsoft Patents the "sudo" command Total propaganda, if you read it properly you will see.. Ms will not ever own or patent the sudo command. They offer a list of accounts which will be needed when elevated privileges are required.. Sudo doesn't do anything like this at all.. Long live Unix commands, down with the cmd. -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Todd C. Miller Sent: 12 November 2009 15:36 To: Leandro Malaquias Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Microsoft Patents the "sudo" command In message <4AFC1708.7040508@...il.com> so spake Leandro Malaquias (lm.net.security): > Website: http://gizmodo.com/5402796/microsoft-patents-the-sudo-command > Patent: > http://patft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=P > ALL&p=1 > &u=/netahtml/PTO/srchnum.htm&r=1&f=G&l=50&s1=7,617,530.PN.&OS=PN/7,617 > ,530&RS > =PN/7,617,530 This doesn't sound like it would cover sudo to me, or even a GUI-wrapper for sudo. While I am not a patent attorney, I have been hacking on sudo for the past 15+ years. My reading of the patent indicates that it is geared towards GUI-based environments where the user may need to perform some action (such as setting the clock in a control panel) that requires increased privileges. The actual "invention" appears to be that the user is able to perform an action as a different user without having to type in the name of that other user when authenticating. One example given in that patent is the ability to click on a name in a list of privileged users as opposed to having to type in a user name. Sudo simply doesn't work this way. - todd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists