Righteous indignation erupted on the Internet last week following reports that Microsoft had patented sudo, a traditional command-line tool that is widely used on Linux and some UNIX platforms for selective privilege escalation. Some enthusiastic patent reform advocates predictably held up the patent as an example of the problems that afflict the patent system.

The inherent broadness and ambiguity of software patents is arguably a debilitating problem for the software industry and a matter that calls for evaluation of potential reforms, but we're not so sure that the Microsoft patent in question is as egregious as the critics claim. Granting a patent on the underlying concept of sudo to Microsoft over two decades after the tool was invented by open source developers would indeed be foolish, but that is not at all what happened. A look beyond the short summary of the patent filing and into the body of the patent's actual claims reveals that Microsoft's "invention" is really quite different from the sudo command-line tool. It might, however, cover some technologies that have more recently arrived on the Linux desktop.

Microsoft's '530 patent, which is titled Rights Elevator, covers methods "that enable a user to elevate his or her rights." Specifically, it describes a user interface which displays accounts that have the necessary rights to perform an action when the user is blocked from performing an action that requires higher access privileges. The claims of the patent all revolve around a system of recommending higher-privilege accounts for the user to choose from based on various predetermined parameters.

Although the subject of Microsoft's patent is related to sudo in the sense that it also deals with mechanisms for performing an operation with heightened privileges, the scope is clearly different. The two are different in, for example, the way that a train is different from a car. Unfortunately, the hysteria surrounding the patent is creating needless uncertainty about sudo. To clarify the matter, sudo maintainer Todd Miller posted a statement on the sudo mailing list explaining the difference.

"I've already received a number of questions about US patent 7,617,530 that some people seem to believe might cover sudo. I don't think that is the case," he wrote. "Sudo simply doesn't work this way. When a command is run via sudo the user is actively running the command as a different user. What is described in the patent is a mechanism whereby an application or the operating system detects that an action needs to be run with increased privileges and automatically prompts the user with a list of potential users that have the appropriate privilege level to perform the task."

Although the patent doesn't cover sudo, it's worth noting that the specific elements that it describes are indeed found in the graphical interface of PolicyKit, a relatively modern Linux framework for privilege escalation. PolicyKit was developed after the Microsoft patent was filed, meaning that it doesn't constitute prior art.

If you attempt to change certain system settings in Ubuntu 9.04, PolicyKit will present a dialog that lists users who have the requisite privileges for performing the configuration change. Curiously, the dialog is different in the latest version of the distribution and doesn't display the user combobox. This change arguably makes it safe from this particular patent, assuming that the new behavior appears consistently in all cases.

Whether the patent is valid or non-obvious is a matter that is worth debating, but it's important for that debate to focus on the patent's true scope. Invention is often an incremental process and there are many patents that describe a new twist on something old. When searching for prior art to challenge the validity of a patent, it's important to look closely at the actual claims rather than just the abstract, which can be misleading.