03 May 2007

Did Microsoft just patent sudo?

Holy crap, I think they did. Here's the patent for UAC:

A computer such as a network appliance executes an administrative security process configured to run under an administrative privilege level. Having an administrative privilege level, the administrative security process can initiate administrative functions in an operating system function library. A user process executing under a non-administrative privilege level can initiate a particular administrative function that the process would not otherwise be able to initiate by requesting that the administrative security process initiate the function. In response to a request to initiate a particular function from a process with a non-administrative privilege level, the administrative security process determines whether the requesting process is authorized to initiate the particular administrative function based on information accessed in a data store. If the requesting process is authorized, the administrative security process initiates the particular administrative function. In this manner, the administrative security process facilitates access to specific administrative functions for a user process having a privilege level that does not permit the user process to access the administrative functions.
Patent 6775781

Does that sound like sudo to you? Does to me. If you look at sudo's manpage, you'll find a link to this site: The History of Sudo. What can this site tell us? Plenty. For instance,

Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel, Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to the net.sources newsgroup in December of 1985.
1985, huh? And when did this Microsoft patent happen? It was filed in 2000. Well gee, that doesn't make sense. How'd they get the patent? It certainly falls under the category of "obvious" if there's prior art such as sudo.

What makes this whole thing funny, though, is something I saw a couple days ago. Head over to Builder-AU and listen to Peter Watson from Microsoft. He says,

User Account Control is a great idea and strategically a direction that sort of all operating systems and all technology should be heading down
Excuse me? Does he really believe this is all Microsoft's great new idea?

In the end, this seems like a patent that Microsoft will hold up and say "we have a patent and Linux is violating it!" They won't ever sue on it though (just leave the threat hanging to scare away potential users), because then they could have the patent revoked. It's better for them to just wave it around.

 Subscribe to my RSS Feed to get all the updates on Ubuntu Linux Tips & Tricks.

55 comments:

Anonymous said...

i can make pee and poop and so can microsot. they just get paid better for the shit they make out of nothing.

Jim Davis said...

Microsoft has always loved to steal, but lately they seem to be stooping to more and more desperate measures.

WadeMealing said...

Well, he is right.. everything should be heading down the path.

Too bad unix them first.

Those who don't understand UNIX are doomed to reimplement it. Poorly."

Usurper said...

shit... pee... i make em all the time... microsoft only does it once in 3 years... ohoh v got a big mean constipated monopoly waiting to sue us for using sudo ohoh... the american patent offices are dumb!!! well they do use microsoft windows(!@#$$%%^^%^&shit#$#%^%##@$)...

Anonymous said...

Microsoft uses patents defensively, to prevent themselves for being sued frivolously by other companies. It's hardly a threat to anything that they were granted the patent, dumb as it may be.

Anonymous said...

If there was ever a dispute over this patent initiated by Microsoft, they would fine the patent invalid, as there is obvious prior art. So is the idea for sudo, not already patented by the likes of IBM, SCO, etc.?

Anonymous said...

Unfortunately Microsoft has become the very entity that all those years ago, it fought against to stand up for the common user.

There is a bitterness and almost devious nature in Microsoft of late, from the abysmal release of Vista to the way it conducts business now. This reminds me of a pathetic school playground pranks - very childish.

Linux is making great hedway now, not because its a superior system but because it offers a breath of fresh air - to then see giants like Microsoft poking at any cracks it can find is a little annoying.

To be fair Microsoft has highlighted an issue though, how much of the technology out there (primarily unix) is patented or protected in some way?

Mackenzie said...

I think most open source stuff isn't patented. The reasoning is that once they've made it, no one else can patent it anyway (prior art...ya know, theoretically), and because OSS devs like to share (why else would we have the GPL?) IBM has a bunch of patents that they can use to strongarm MS in the event that they try to take down Linux with patents (since IBM likes Linux), but most Free Software is free in that area too.

Anonymous said...

I'm going to get a patent 1 and 0 and then sue everyone...

Mackenzie said...

Sorry, Anonymous, but according to The Onion, Microsoft already has patents on 1s and 0s :P

Anonymous said...

I think you can patent just anything... This actually has nothing to do with this sudo case but anyway: last year the pantent and register management of Finland accepted a trademark application for basic smileys, :) and :(
That one who registered them was a student who just tested how insane they can be at the management. He didn't believe that he would succeed but got surprised: yes, this is one f*ckng lunatic country with unbelievable laws (imo, also with absolutely nutcase goverment)

If you just try hard enough, you can patent anything. You don't need to be innovative or invent something new, you can just steal old ideas and claim they belong to you.

Should we try to register the word "computer" as a trademark (if it isn't already)?

raphael said...

Well, there are lots of silly and ludicrous patents; Microsoft actually has a patent on error-messages over networks (Oh, the irony, it burns my mind!).

Sun Microsystems have a patent on converting some Excel version fileformat to some other.

Pfizer, Celera, HGS and others have multiple patents on every cell in your body (ie part of your genome).

Patents have become instruments to conquer your corporate foes and dominate local markets by criminalizing any free exchanges of resources or knowledge.

Once patents where meant to protect inventors and their inventions, but that was a looong time ago now. But even in the 19th century there were patent disputes and prior art claims and whatnot (e.g Edison and the lightbulb). It's arguably doubtful if any patent has contributed to technological development.

But the point is that patents are economic tools in a system that value resources by scarcity - if you're alone you can expand vertically (ie raise the prices indefinately).

my €0.2

PS. EU residents, check out
petition dot eurolinux dot org

neurosine said...

I think there may be proof of previous implementations of this process.
Y'know.

Anonymous said...

two words: 'prior art'

I don't understand why they patented it.

Anonymous said...

PS. EU residents, check out
petition dot eurolinux dot org


That old petition is not so relevant any more. More up-to-date sites about software patents in Europe include
ffii.org and www.nosoftwarepatents.com

Anonymous said...

If don't defend a patent you lose the patent MIRITE?

Brian said...

One small detail... The text you pasted details a command that lets another command run as a privileged user/administrator. sudo lets a command run as any other user (but defaults to root). I bet that difference is enough for the patent office,

ahmadifx said...

Guys!!! Its simply stupid to assume UAC = SUDO... Architecturally its wholly different and Microsoft by no means has patented sudo directly or indirectly.. Common the LAW is smarter than us!!! :P .. Actually not always ;-)..

Well Hell ya I cant believe my eyes we got a techno Linux girl in town... :).. Interesting blog!!!! Hey how do I contact ya

Banshie said...

Just because they got it passed, doesn’t mean anything.
Firstly someone will have to challenge it; secondly a judge will have to make a precedent.
Both of which probably won't happen.

President Leechman said...

This is completely unrelated to sudo. This is just an elaboration of the proxy call mechanism they already use instead of setuid. It's more like connecting to a local database server via RPC rather than a socket.

What setuid (and sudo) do is handled in a descendant of the original processes with important state information (such as the current directory, environment, umask, and so on) intact and no requirement for a permanently running service to mediate the request.

Tobias said...

Will people ever learn?
A patent is a list of CLAIMS. Don't read the description, especially not the general descriptions you find in most patents, since these are only meant to give you a vague idea straight away.
A reviewer, or a judge for that matter, will look at the claims made, and most likely not even look at the description. The claims are what is important, and if the claims can not be found implemented in sudo, the patent is valid.

scott.ramsdell said...

This looks quite a bit more to me like Window 2000's ability to elevate the privilege level of a user to admin during a software install assigned to the user through Group Policy.

That made my job very easy, my user weren't admins, but AD would still be able to install software as the user.

Pretty cool technology.

Anonymous said...

Sudo is the switch user command. You can be root and sudo to a lesser user (w/o passwd btw) Microsoft's implementation seems to be escalation oriented only. Microsoft's Run As command is functionally closer to Sudo than this, and you don't even need the sticky bit.

Anonymous said...

Yea, they JUST did this 7 fucking years ago. What a dumbass.

Ricky said...

Honestly, you can see Microsoft fan bois cry "But OSX coppied Redhat" now you can see how it keeps getting lower and lower

Anonymous said...

There is a difference between sudo and the Elevate to administrator in UAC. It is that UAC 'detects' to need admin privileges and asks the user for it, while sudo elevates to root and then runs the application.

Anonymous said...

You are missing the boat. You blogged the abstract of the patent, which is only a brief description of the invention in the patent. It is the claims that describe the metes-and-bounds of what the patent actually covers. The claim is what they will enforce. So the real question is: Does the claim cover sudo? I have no idea but here is the first claim for discussion: 1. In conjunction with an operating system configured to limit access privileges in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a plurality of administrative methods can be initiated and a non-administrative privilege level under which at least one of the administrative methods cannot be initiated, a method comprising: executing an administrative security process under the administrative privilege level; the administrative security process accepting a request from a user process executing under the non-administrative privilege level to initiate a particular administrative method, the user process calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method; and the administrative security process calling the identified particular administrative method on behalf of the user process and providing the arguments to said identified particular administrative method.

Mark said...

"Honestly, you can see Microsoft fan bois cry "But OSX coppied Redhat" now you can see how it keeps getting lower and lower"

The funny part is OSX blows Vista

Eli Reusch said...

Wow, and to think I got away from Microsoft when I switched my OS to Ubuntu from XP. This is infuriating. Can they really get away with this?

Anonymous said...

Holy cow!, this is shudo!

Anonymous said...

Actually AT&T did patent the permissions bits for files and one of theses permissions was the setuid bit on a file allowing that program to run with the permissions of the owner of the file rather than the user. That patent has expired though.

Anonymous said...

Do any of you people ever proof read what you post on places like this? Seriously, spend less time being computer nerds and spend a little more time boosting your grammer and spelling skills beyond the 2nd grade level.

Anonymous said...

well, i dont think it is directed at something like sudo.. they filed it in 2000, im sure someone in microsoft knew about sudo, and would have said "hey, we are going to get sued if we do this the wrong way" they were probably filing the patent for either XP or for 2003 or Vista... who knows.
believe it or not, they aren't out to piss everyone off.

oh, and theres no way you can copyright 0s and 1s. You cant copyright numbers, thats why Intel had to do away with its #86 naming schemes and switch to core names and pentium and whatnot...

Anonymous said...

Guys, if you are going to back microsoft, at least wait until they actually do something worth bashing. They filed patent...wow. How evil.

Counsel said...

As an attorney in the U.S.A., I have to admit that I tell everyone in the open-source movement to patent their inventions, even if they leave the patent in a non-profit group.

Enforcing a patent is easy and gives the patent-holder many rights. Why are open-source projects NOT patenting their 'inventions?'

At least point out the 'stupidity' of the U.S. patent office...

Anonymous said...

I just invented "open" "source" PooPooSoft.

Does Microsoft have it patented?

Anonymous said...

I don't think that that patent describes sudo at all.

Sudo is a command that allows regular users to run other commands at an elevated privilege level based on a set of rules in a data store (sudoers file).

The patent describes a service that runs all the time that allows actions to occur with elevated privileges based on rules in a data store. Rules are updated based on user responses to popup dialogue boxes warning them that a process is trying to perform actions that require elevated privileges.

Similar, but not the same. Sudo doesn't watch processes and ask you if they should be allowed to occur. Sudo only looks at the processes run under it's auspices and allows or denies based on its ruleset.

Robert said...

Folks, my comments build on what [Leechman] said: "What setuid (and sudo) do is handled in a descendant of the original processes."
I further build on what [Tobias] said: claims are central to the patent.
I restate claim 1 below:

A computing device, comprising:
an operating system configured to control access to administrative functions;
xxxx a security process configured to execute with administrative privilege to initiate an administrative function; and
xxxx a user process configured to
execute with non-administrative privilege such that
access to the administrative function is restricted, the user process further configured
to request initiation of the administrative function via the security process with parameters that include
an identification of the administrative function and
input arguments to the administrative function.

So, to infringe, the infringing 'computer device' must have each and every element (or equivalents). At a minimum, an entry question would be, "does both a security process and a user process operate on the computer?" From what Leechman said, he suggests that 'descends' from the 'original process.' If by 'descending', the sudo actually becomes a replacement to some 'user process' and does not operate concurrently, then it appears that the two 'x'ed claim elements do not exist simultaneously. Consequently, no literal infringement of that claim.

Many assumptions are made above, but at core, this is an initial step into an analysis of infringement. Many assumptions have been made as to the technical operation. In addition, the terms are not clearly defined in the patent spec, so there is ample leeway for a judge to pick dictionary that gives inconsistent results. However, the above analysis is supported by a fair interpretation of 'process' as defined in foldoc.org: "sequence of states of an executing program."

Your mileage may vary, other claims may be infringed, a judge's claim construction may depend from differing dictionaries, the scope of equivalents may yet include 'sudo' within its scope. The above analysis is intended only for a hypothetical interpretation of 'sudo' and is not intended to create an attorney-client relationship. If a full analysis is desired, a detailed 'sudo' program listing would be required. If you seek to 'sudo,' please consult your attorney.

As for me, I'll sudo all day long. Sudo, sudo, sudo. See Microsoft, I'm sudoing. Whatcha going to do about it? Offer me a license? I live right next to the Eastern District Court of Texas. I've got Medimmune v. Genentech. What have you got. Come on. I dare you.

Any patent attorney that can't define his terms that he uses in his claims is just throwing lint in your face.

Jeremy said...

I cannot believe the way companies are throwing their money around to get patents and trademarks today. First AOL is given the trademark "AIM" which is an acronym for crying out loud. How can you trademark an acronym? What about the American Institute of Medicine? If they come up with any products, it cannot contain AIM. Now...Microsoft can patent an idea that has been in other operating systems for 20 years? What a fricking joke. The people allowing these trademarks and patent requests are retarded. Someone needs to do an investigation or something.

Anonymous said...

The materialization of this patent must be the “runas” command in MS systems. IMO believe that a company as big as MS is enforced (at least for self protection) to patent any development like this.

Ray said...

So, perhaps instead of Ballmer ranting about how linux infringes their patents, people should be ranting about how microsoft patents infringe linux's (and unix before that) prior art.

Anonymous said...

Do a search on Microsoft patents at the USPO sometime. And look at the names of the examiners. From the names of the examiners, I would say that English is not their first language, or the entire operation has been outsourced to Viet Nam.

Anonymous said...

http://www.nsa.gov/selinux/
http://www.trustedbsd.org/mac.html
http://www.sedarwin.org/

sudo != uac

http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Developers-_1320_-Part-4-_1320_-User-Account-Control.aspx

Anonymous said...

what's next, the bootloader ?!

Anonymous said...

No next is the brain, because nobody is actually using it.

Anonymous said...
This comment has been removed by a blog administrator.
Christopher said...

10 print "uac<>sudo"
20 print "uac=su"

Anonymous said...

Patent idea isn't new ;-))... It's like kiddies buying domains like www.sex.com to sell it ;-) Ehhh do Your self what You have to do and leave that poor M$ alone, just patent whole linux(unix) thing in one ;-)

Anonymous said...

Linux will always be ahead of M$. The source is available, Its free to download and use, and it just works. New distros are so easy to use now that almost anyone could get into linux if they really wanted to. windows is what people are used to though so the change is hard to make, as for me I'm saying "piss on you" to M$

CreditGirl said...

I don't think there is a point to discuss how bad microsoft is-or its disadvantages. We all buy their products and no matter what it is the biggest leader in computering.

Mackenzie said...

I have bought their products in the past, but they've been so terrible that I never will buy their products again, so I think I can honestly say that I don't buy their products, making you wrong. As it is, I'm trying to figure out how to get a refund on the Windows license that I couldn't purchase my laptop without. The last of their products I purchased, a keyboard / mouse wireless set that worked *once* and a month later was dead. I don't trust their QA.

Anonymous said...
This comment has been removed by a blog administrator.
EXTR said...

Did anyone here read the patent?

At the end, it states...

It should be apparent that although the examples above are described illustratively as being computer appliances operating in a Microsoft Windows.RTM. environment, the invention is not to be limited to such specific examples, and the inventions may be practiced in general purpose computers or computers with operating systems other than Windows.RTM., such as Unix or Linux.

george said...

Pop ups are patented, any scriptkiddy with the api docs can come up with this.

Sumant said...

Microsoft’s intentions were to patent the “Run as Administrator” scheme used in Windows Vista and Windows 7. However, the debate is whether they ended up patenting sudo (which also deals with elevation of user rights) in the process.

Dont forget to click link.