Monday, November 16, 2009

How is this not a hacking tool?!?

OK, so someone explain to me how this isn't totally a Microsoft invention to make Windows more easily hacked? "I'm sorry Bill, but I can't allow you to do that. Here's a convenient list of accounts you can try to impersonate so that you CAN do that though".
- Leon

PS: Comic is courtesy of XKCD.com, and was featured in the post from Gizmodo. And I really like it. So I kept it in.
**********************

By John Herrman on Unix

So, how exactly did Microsoft—those bastards!—end up patenting Sudo, a years-old Linux command line tool, without someone stepping in to stop them? Easy! They didn't.

The story inspired widespread hyperventilation last week, most of which revolved around a few impassioned quotes:

Here it is, patent number7617530. Thanks, USPTO, for giving Microsoft, which is already a monopoly, a monopoly on something that's been in use since 1980 and wasn't invented by Microsoft. Here's Wikipedia's description of sudo, which you can meaningfully compare to Microsoft's description of its "invention".

This from Groklaw, a site that specializes in free and open source software legal affairs, i.e. exactly this kind of thing. But for whatever reason—zeal? clicks?—their reading of the patent, which we picked up, turn out to overblown. Says Sudo maintainer Todd Miller, via Ars:

I've already received a number of questions about US patent 7,617,530 that some people seem to believe might cover sudo. I don't think that is the case," he wrote. "Sudo simply doesn't work this way. When a command is run via sudo the user is actively running the command as a different user. What is described in the patent is a mechanism whereby an application or the operating system detects that an action needs to be run with increased privileges and automatically prompts the user with a list of potential users that have the appropriate privilege level to perform the task.

So, if not this, then what does the Microsoft patent cover? Back to Ars:

Specifically, it describes a user interface which displays accounts that have the necessary rights to perform an action when the user is blocked from performing an action that requires higher access privileges.

These are similar, but not patent similar.

Turns out, though, that there is a Linux tool called PolicyKit just like what Microsoft patented, which prompts users to switch to a higher-level user account when they hit against a permissions barrier. It was created after the patent was filed, but before it was made public. So, Microsoft, on all counts: not guilty. [ArsTechnica]


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)