radford@calgary.UUCP (Radford Neal) (09/29/86)
In article <4794@ukma.uky.csnet>, david@ukma.uky.csnet (David Herron, NPR Lover) writes:
> hmmmm... I guess the patent office didn't know about JACCT on TOPS-10.
>
> The first time I heard of the SUID I thought "what a nifty general
> way to do JACCT"...

The Kronos operating system for the CDC 6000 also had things similar to the SUID bit. A system command could have various special "entry points" that gave them special privileges even when run by ordinary users. I first used this system in 1974, but I think it had the feature for many years before then.

As far as I can see, the only innovation in UNIX SUID stuff is that the privileges inherited can be those of any user, not just some "super user", as determined by file ownership. Personally, I don't think this ought to be enough to justify a patent.

Radford Neal
The University of Calgary
ed@mtxinu.UUCP (Ed Gould) (10/02/86)
>> The first time I heard of the SUID I thought "what a nifty general
>> way to do JACCT"...
>
>The Kronos operating system for the CDC 6000 also had things similar to
>the SUID bit. A system command could have various special "entry points"
>that gave them special privileges even when run by ordinary users. ...
>
>As far as I can see, the only innovation in UNIX SUID stuff is that the
>privileges inherited can be those of any user, not just some "super user",
>as determined by file ownership. Personally, I don't think this ought to be
>enough to justify a patent.

Lots of people have given examples of things that other systems did that are subsumed by the set-uid bit. The examples vary fairly widely, but they seem to have a common thread: There have been ways to do privileged functions in the past, so what's so new about set-uid?

It seems to me that what's new is the complete generalization of privilege. In the Kronos example, above, note that a "system command could have...". This allows the (necessarily) privileged system maintainers to designate a privileged program. Set-uid allows *any* user to say "during the execution of this program, which *I* have so designated, you may have *my* permissions." Is there a feature elsewhere that allows this?

--
Ed Gould mt Xinu, 2560 Ninth St., Berkeley, CA 94710 USA
{ucbvax,decvax}!mtxinu!ed +1 415 644 0146

"A man of quality is not threatened by a woman of equality."
trb@ima.UUCP (Andrew Tannenbaum) (10/02/86)
> hmmmm... I guess the patent office didn't know about JACCT on TOPS-10.
>
> The first time I heard of the SUID I thought "what a nifty general
> way to do JACCT"...

It rubs me the wrong way to see the creators of UNIX being dragged through the dirt for patenting SUID. You aren't going to see Dennis Ritchie saying "Oh yea? I did too create the SUID idea." I think SUID was patented in an attempt to protect the UNIX kernel from theft - you sell an illicit copy of the kernel, you violate patent law.

No one ever said that UNIX had any original ideas. From the Ritchie and Thompson "UNIX Timesharing System" paper (July 1974 CACM, July-Aug 1978 UNIX System BSTJ):

"The success of UNIX lies not so much in new inventions but rather in the full exploitation of a carefully selected set of fertile ideas, and especially in showing that they can be keys to the implementation of a small yet powerful operating system."

In those days there were no software patents, so SUID was probably the easiest feature for which it was possible to create an analog in hardware (which could be patented). It was apparently original enough to be patented. That doesn't mean it was patented because Dennis thought it was a brilliant idea. I'm sure that his pride in being involved in the creation of UNIX doesn't revolve around the SUID patent.

Andrew Tannenbaum
Interactive
Boston, MA
+1 617 247 1155
jack@mcvax.uucp (Jack Jansen) (10/03/86)
In article <404@vaxb.calgary.UUCP> radford@calgary.UUCP (Radford Neal) writes:
>In article <4794@ukma.uky.csnet>, david@ukma.uky.csnet (David Herron, NPR Lover) writes:
>
>> hmmmm... I guess the patent office didn't know about JACCT on TOPS-10.
>>
>
>As far as I can see, the only innovation in UNIX SUID stuff is that the
>privileges inherited can be those of any user, not just some "super user",
>as determined by file ownership. Personally, I don't think this ought to be
>enough to justify a patent.

I think the innovation that *anyone* can make a program with special permissions is an innovation. The methods all the older operating systems used were always something like giving extra permissions to files living in a certain directory, or files specified in a certain list, etc.

What this conceptually does is move those programs to a different ring of security: somewhere in between the kernel and the user. This is totally different from suid.

Also, the features provided by older operating systems usually gave you a way of completely turning off the protection scheme. Suid is much cleaner (and safer) in that respect.

--
Jack Jansen, jack@mcvax.UUCP
The shell is my oyster.
henry@utzoo.UUCP (Henry Spencer) (10/04/86)
> As far as I can see, the only innovation in UNIX SUID stuff is that the
> privileges inherited can be those of any user, not just some "super user",
> as determined by file ownership. Personally, I don't think this ought to be
> enough to justify a patent.

Why not? It's definitely a useful generalization. And it wasn't trivial and obvious until Dennis thought of it first.

--
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry
mash@mips.UUCP (John Mashey) (10/06/86)
In article <231@ima.UUCP> trb@ima.UUCP (Andrew Tannenbaum) writes:
>It rubs me the wrong way to see the creators of UNIX being dragged
>through the dirt for patenting SUID. You aren't going to see Dennis
>Ritchie saying "Oh yea? I did too create the SUID idea." I think SUID
>was patented in an attempt to protect the UNIX kernel from theft - you
>sell an illicit copy of the kernel, you violate patent law.

Although I have no idea whether or not it was true in this case, it certainly was true that there were times at BTL (and elsewhere) that there were big pushes by the internal lawyers to generate patents on anything conceivable, for good and reasonable reasons. This was standard practice in the hardware side; whenever software patents were a hot topic, there was often a strong push to find things that were software patentable, not necessarily by those who generated the software.

Note: this is no criticism of anybody, including the lawyers who sometimes tried to push patenting things that software people thought were crazy. This area of the law has been a confusing quagmire for a long, long time.

--
-john mashey DISCLAIMER: <generic disclaimer, I speak for me only, etc>
UUCP: {decvax,ucbvax,ihnp4}!decwrl!mips!mash, DDD: 408-720-1700, x253
USPS: MIPS Computer Systems, 930 E. Arques, Sunnyvale, CA 94086
singer@spar.UUCP (10/06/86)
The Cambridge CAP computer (project started in 1970) allowed programmers to let programs they created use any of the privileges (capabilities) they had, and allowed the programmer to grant the capability to run any program they created to other people; this did not permit others to get at the capabilities held by the program. Seems that SUID is a very restricted case of this. (Alas, I have no date on the invention of the capability system, but since it is fundamental to the project, the philosophical details almost certainly come from very early on, and probably pre-date the official project start).
henry@utzoo.UUCP (Henry Spencer) (10/09/86)
> The Cambridge CAP computer (project started in 1970) allowed programmers
> to let programs they created use any of the privileges (capabilities) they
> had, and allowed the programmer to grant the capability to run any program
> they created to other people; this did not permit others to get at the
> capabilities held by the program. Seems that SUID is a very restricted case
> of this. (Alas, I have no date on the invention of the capability system...

Capability-based systems do indeed considerably pre-date the setuid bit. They are also vastly more complex than the setuid bit. Seen from this side, Dennis's innovation was to realize that a very simple facility would give the most important benefit of such schemes with little of their complexity.

--
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry