[net.micro.68k] SUID Patent

radford@calgary.UUCP (Radford Neal) (09/29/86)

In article <4794@ukma.uky.csnet>, david@ukma.uky.csnet (David Herron, NPR Lover) writes:

> hmmmm... I guess the patent office didn't know about JACCT on TOPS-10.
> 
> The first time I heard of the SUID I thought "what a nifty general
> way to do JACCT"...

The Kronos operating system for the CDC 6000 also had things similar to
the SUID bit. A system command could have various special "entry points"
that gave them special privileges even when run by ordinary users. I
first used this system in 1974, but I think it had the feature for many
years before then.

As far as I can see, the only innovation in UNIX SUID stuff is that the
privileges inherited can be those of any user, not just some "super user",
as determined by file ownership. Personally, I don't think this ought to be
enough to justify a patent.

    Radford Neal
    The University of Calgary

ed@mtxinu.UUCP (Ed Gould) (10/02/86)

>> The first time I heard of the SUID I thought "what a nifty general
>> way to do JACCT"...
>
>The Kronos operating system for the CDC 6000 also had things similar to
>the SUID bit. A system command could have various special "entry points"
>that gave them special privileges even when run by ordinary users. ...
>
>As far as I can see, the only innovation in UNIX SUID stuff is that the
>privileges inherited can be those of any user, not just some "super user",
>as determined by file ownership. Personally, I don't think this ought to be
>enough to justify a patent.

Lots of people have given examples of things that other systems did that
are subsumed by the set-uid bit.  The examples vary fairly widely,
but they seem to have a common thread:  There have been ways to do
privileged functions in the past, so what's so new about set-uid?

It seems to me that what's new is the complete generalization of privilege.
In the Kronos example, above, note that a "system command could have...".
This allows the (necessarily) privileged system maintainers to designate
a privileged program.  Set-uid allows *any* user to say "during the
execution of this program, which *I* have so designated, you may have
*my* permissions."

Is there a feature elsewhere that allows this?

-- 
Ed Gould                    mt Xinu, 2560 Ninth St., Berkeley, CA  94710  USA
{ucbvax,decvax}!mtxinu!ed   +1 415 644 0146

"A man of quality is not threatened by a woman of equality."

trb@ima.UUCP (Andrew Tannenbaum) (10/02/86)

> hmmmm... I guess the patent office didn't know about JACCT on TOPS-10.
> 
> The first time I heard of the SUID I thought "what a nifty general
> way to do JACCT"...

It rubs me the wrong way to see the creators of UNIX being dragged
through the dirt for patenting SUID.  You aren't going to see Dennis
Ritchie saying "Oh yea?  I did too create the SUID idea."  I think SUID
was patented in an attempt to protect the UNIX kernel from theft - you
sell an illicit copy of the kernel, you violate patent law.

No one ever said that UNIX had any original ideas.  From the Ritchie
and Thompson "UNIX Timesharing System" paper (July 1974 CACM, July-Aug
1978 UNIX System BSTJ):  "The success of UNIX lies not so much in new
inventions but rather in the full exploitation of a carefully selected
set of fertile ideas, and especially in showing that they can be keys
to the implementation of a small yet powerful operating system."

In those days there were no software patents, so SUID was probably 
the easiest feature for which it was possible to create an analog in
hardware (which could be patented).  It was apparently original enough
to be patented.  That doesn't mean it was patented because Dennis
thought it was a brilliant idea.  I'm sure that his pride in being
involved in the creation of UNIX doesn't revolve around the SUID
patent.

	Andrew Tannenbaum   Interactive   Boston, MA   +1 617 247 1155

jack@mcvax.uucp (Jack Jansen) (10/03/86)

In article <404@vaxb.calgary.UUCP> radford@calgary.UUCP (Radford Neal) writes:
>In article <4794@ukma.uky.csnet>, david@ukma.uky.csnet (David Herron, NPR Lover) writes:
>
>> hmmmm... I guess the patent office didn't know about JACCT on TOPS-10.
>> 
>
>As far as I can see, the only innovation in UNIX SUID stuff is that the
>privileges inherited can be those of any user, not just some "super user",
>as determined by file ownership. Personally, I don't think this ought to be
>enough to justify a patent.

I think the innovation that *anyone* can make a program with special
permissions is an innovation. The methods all the older operating systems
used were always something like giving extra permissions to files living
in a certain directory, or files specified in a certain list, etc.

What this conceptually does is move those programs to a different ring
of security: somewhere in between the kernel and the user. This is totally
different from suid. Also, the features provided by older operating systems
usually gave you a way of completely turning off the protection scheme.
Suid is much cleaner (and safer) in that respect.


-- 
	Jack Jansen, jack@mcvax.UUCP
	The shell is my oyster.

henry@utzoo.UUCP (Henry Spencer) (10/04/86)

> As far as I can see, the only innovation in UNIX SUID stuff is that the
> privileges inherited can be those of any user, not just some "super user",
> as determined by file ownership. Personally, I don't think this ought to be
> enough to justify a patent.

Why not?  It's definitely a useful generalization.  And it wasn't trivial
and obvious until Dennis thought of it first.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,decvax,pyramid}!utzoo!henry

mash@mips.UUCP (John Mashey) (10/06/86)

In article <231@ima.UUCP> trb@ima.UUCP (Andrew Tannenbaum) writes:
>It rubs me the wrong way to see the creators of UNIX being dragged
>through the dirt for patenting SUID.  You aren't going to see Dennis
>Ritchie saying "Oh yea?  I did too create the SUID idea."  I think SUID
>was patented in an attempt to protect the UNIX kernel from theft - you
>sell an illicit copy of the kernel, you violate patent law.

Although I have no idea whether or not it was true in this case, it
certainly was true that there were times at BTL (and elsewhere) that
there were big pushes by the internal lawyers to generate patents on
anything conceivable, for good and reasonable reasons.  This was standard
practice in the hardware side; whenever software patents were a hot topic,
there was often a strong push to find things that were software patentable,
not necessarily by those who generated the software.

Note: this is no criticism of anybody, including the lawyers who sometimes
tried to push patenting things that software people thought were crazy.
This area of the law has been a confusing quagmire for a long, long time.
-- 
-john mashey	DISCLAIMER: <generic disclaimer, I speak for me only, etc>
UUCP: 	{decvax,ucbvax,ihnp4}!decwrl!mips!mash, DDD:  	408-720-1700, x253
USPS: 	MIPS Computer Systems, 930 E. Arques, Sunnyvale, CA 94086

singer@spar.UUCP (10/06/86)

The Cambridge CAP computer (project started in 1970) allowed programmers
to let programs they created use any of the privileges (capabilities) they
had, and allowed the programmer to grant the capability to run any program
they created to other people;  this did not permit others to get at the
capabilities held by the program.  Seems that SUID is a very restricted case
of this.  (Alas, I have no date on the invention of the capability system,
but since it is fundamental to the project, the philosophical details almost
certainly come from very early on, and probably pre-date the official
project start).

henry@utzoo.UUCP (Henry Spencer) (10/09/86)

> The Cambridge CAP computer (project started in 1970) allowed programmers
> to let programs they created use any of the privileges (capabilities) they
> had, and allowed the programmer to grant the capability to run any program
> they created to other people;  this did not permit others to get at the
> capabilities held by the program.  Seems that SUID is a very restricted case
> of this.  (Alas, I have no date on the invention of the capability system...

Capability-based systems do indeed considerably pre-date the setuid bit.
They are also vastly more complex than the setuid bit.  Seen from this side,
Dennis's innovation was to realize that a very simple facility would give
the most important benefit of such schemes with little of their complexity.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,decvax,pyramid}!utzoo!henry