Re: sudo, privilege separation and a Microsoft patent

[Jacob Meuser <jakemsr_(_at_)_jakemsr_(_dot_)_com>]

On Mon, Aug 23, 2004 at 02:50:03PM -0400, Kurt Miller wrote:
> From: "Marc Balmer" <marc_(_at_)_msys_(_dot_)_ch>
> > Hi!
> >
> > Microsoft has been granted a patent on something that looks to me like
> > sudo or privilege separation.  Can someone with more legalese background
> > comment on this is, especially if privilege separation would fall under
> > the patent?
> >
> > Here is the URL:
> >
> >
> http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=6,775,781.WKU.&OS=PN/6,775,781&RS=PN/6,775,781
> >
> > Marc
> >
> 
> I'm wondering if postfix could be considered prior-art?

It sure sounds to me like they are describing a separate daemon
that provides or denies access.

"The administrative process acts as an intermediary between a user
requesting an administrative action and the operating system.  The
security process can be used to provide or deny access to any aspect
of the operating system for any particular user.  The security process
is a general purpose intermediary in that it is not coded with any
information or knowledge of the operating system administrative
functions that may be restricted to a user.  Rather, this information
is available in a data store that the security process accesses."

and later

"... a system service such as the administrative security process ...
executes independently of whether any particular human user is actually
logged on or authenticated ... and the operating system then initiates
the service upon each boot up--usually without any further input from
a human user."

So this would seem to be completely irrelevant to sudo or privilege
separation techniques.

-- 
<jakemsr_(_at_)_jakemsr_(_dot_)_com>