Microsoft Patents Sudo?!! (Groklaw) [LWN.net]

Microsoft Patents Sudo?!! (Groklaw)

Posted Nov 12, 2009 21:37 UTC (Thu) by foom (subscriber, #14868)
In reply to: Microsoft Patents Sudo?!! (Groklaw) by DOT
Parent article: Microsoft Patents Sudo?!! (Groklaw)

> On Unix, we can do this the right way with PolicyKit. We don't need popups to log in
> as a different user for a particular action.

What's "the right thing" when an unprivileged user wants to change a privileged system setting that
they are not allowed to change? For example: deleting a user account, or installing software
system-wide. The solution in Windows (and OSX) is to ask you if you'd like to authenticate using an
suitably-privileged-user's credentials in order to perform that task.

The idea is that perhaps that user can be called in to allow the task which you yourself are not
trusted to do.

(Log in to post comments)

Microsoft Patents Sudo?!! (Groklaw)

Posted Nov 12, 2009 21:57 UTC (Thu) by DOT (subscriber, #58786) [Link]

Oh, PolicyKit does present a list of privileged users if the user isn't privileged at all. The hack I'm talking about is that Microsoft's system actually runs the app as another user, giving the app all the privileges that that other user has.

Microsoft Patents Sudo?!! (Groklaw)

Posted Nov 12, 2009 22:15 UTC (Thu) by Kit (guest, #55925) [Link]

>The hack I'm talking about is that Microsoft's system actually
>runs the app as another user, giving the app all the privileges
>that that other user has.

That's the way sudo works, which before PolicyKit was generally the method of choice for administrative tasks in GUIs on *nix (along with su).