[Ubuntu-be] bad news: Microsoft Patents Sudo

Jan Claeys ubuntu at janc.be
Sun Nov 15 02:33:07 GMT 2009

Op zaterdag 14-11-2009 om 11:16 uur [tijdzone +0100], schreef Pierre
> I'm not sure there is nothing to worries about. I've not read this
> patent but I bet it is yet another vague one over a nearly trivial
> idea expressed in a way allowing broader interpretation when necessary
> but with a narrower one at first read. 

For example, this is how the end of the claim reads:

        Systems and/or methods are described that enable a user to
        elevate his or her rights, including through a user interface
        identifying an account with these rights. By so doing, these
        systems and/or methods may permit a user to use a computer in
        relative safety from attacks by malicious code while also
        enabling the user to easily elevate his or her rights to perform
        potentially dangerous tasks. Although the invention has been
        described in language specific to structural features and/or
        methodological steps, it is to be understood that the invention
        defined in the appended claims is not necessarily limited to the
        specific features or steps described. Rather, the specific
        features and steps are disclosed as preferred forms of
        implementing the claimed invention.

In other words, the whole description of how UAC currently works is
"just an example".

In the InformationWeek article, the patent lawyer who says there is
nothing to fear also says:

        After reviewing documents covering the patent's history,
        Einschlag pointed to three specific identifiers that the
        patent's examiner concluded were necessary for Microsoft's
        invention to qualify as a patentable innovation: frequency of
        use; association with the current user; and indication of
        sufficient but not unlimited rights. 

In other words, only the combination of those 3 things together
supposedly make UAC a "new invention".  I doubt it's really new, but it
doesn't cover 'sudo', at least not as it's used now in most distros.

And I think most distro developers would consider it to be horribly
insecure--there is a reason why 'sudoers' is only readable by root (or
by people who were granted enough rights in 'sudoers' to become root of

Jan Claeys

More information about the ubuntu-be mailing list