Analytics
11/16/2009
10:00 AM
50%
50%

Does New Microsoft Patent Infringe On Unix Program Sudo?

Some in the open source community suspicious of Microsoft's intent

A patent granted to Microsoft (NSDQ: MSFT) has stirred up worry that world's largest software company wants to claim Unix's "sudo" as its own.

Sudo is a Unix program used to raise a user's privilege level to accomplish tasks that require administrative privileges. It allows a user to temporarily execute commands as the root user.

Microsoft's "Rights elevator" patent describes a way to "enable a user to elevate his or her rights," which of course is what "sudo" does.

This apparent similarity has led some in the open source community, cognizant of Microsoft's past hostility toward open source software, to ask whether the company plans to demand a patent licensing fee from open source vendors.

Microsoft may wish it could do so. If so, it won't say: The company declined to comment.

In any event, the "Rights elevator" patent isn't likely to provide Microsoft with the opportunity to seek such fees.

Michael B. Einschlag, a partner at Rosenlaw & Einschlag, which specializes in open source and intellectual property law, said Microsoft's "Right elevator" patent is narrowly framed to cover the graphic user interface used to present computer privilege elevation.

"It's a description of how to present the information to the user," he said. "It doesn't cover the concept of how the user is trying to accomplish some task."

After reviewing documents covering the patent's history, Einschlag pointed to three specific identifiers that the patent's examiner concluded were necessary for Microsoft's invention to qualify as a patentable innovation: frequency of use; association with the current user; and indication of sufficient but not unlimited rights.

"Fundamentally, it's something to make it easy for users to understand how to upgrade their rights," he said.

In short, suspicions about this patent are overblown.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0279
Published: 2015-03-26
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

CVE-2015-0635
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device an...

CVE-2015-0636
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine,...

CVE-2015-0637
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.

CVE-2015-0638
Published: 2015-03-26
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.