lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4AFD5CAB.9070400@gmail.com> Date: Fri, 13 Nov 2009 13:18:35 +0000 From: Leandro Malaquias <lm.net.security@...il.com> To: "Todd C. Miller" <Todd.Miller@...rtesan.com> Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu Subject: Re: Microsoft Patents the "sudo" command Todd C. Miller wrote: > In message <7897.1258048751@...ing-police.cc.vt.edu> > so spake (Valdis.Kletnieks): > > >> Umm... my check of my 'sudo' manpage says that the '-u username' is >> optional, and I don't remember having to use '-u root', so it's supported >> doing it without having to type the target username for years... >> > > Sudo has always defaulted to running commands as root. > > >> Unless I'm misunderstanding your interpretation of the invention and how >> it compares to traditional sudo usage? >> > > It's very possible that I am not doing a good job of explaining my > interpretation. As I see it, the invention is about providing the > user with a list of privileged users with the appropriate rights > to perform the action in a GUI when the user tries to perform an > action that they don't have sufficient rights to do. If you read > the patent in question, in all its TIFF glory (what do they have > against text?) they list a number of possible scenarios. > > Sudo doesn't contain any logic to try and figure out what user a > command should be run as in order for it to succeed (and no, root > isn't always the right answer, especially when NFS is in the picture). > > - todd > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > http://www.h-online.com/security/news/item/New-Microsoft-patent-may-put-Linux-security-components-at-risk-857848.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists