Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!chinacat!woody
From: woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal)
Newsgroups: comp.lang.postscript
Subject: vaccination
Summary: vaccine
Message-ID: <1463@chinacat.Unicom.COM>
Date: 5 Aug 90 03:23:03 GMT
References: <90215.111938SMITHM@QUCDN.BITNET>
Organization: a guest of Unicom Systems Development, Austin
Lines: 37

Recently the topic of a PostScript trojan arose over in comp.virus. I posted a note that the fix (the password resetter program) was available, and subsequently forwarded Nigel's code over to the group. That has resulted in a prolonged correspondence with one Zibignew Fiedorowic, who has asked me a question:

Is there any way to defeat the following fragment of code, or will this provide a secure vaccine for password resetters using the normal password setting mechanism?

    statusdict begin
    /setpassword {pop pop} bind def
    end

The question really is, after doing this, is there any way to recover the original setpassword command short of power-cycling the controller, or causing a hard reset? What about adding executeonly to this, so you can't redefine it? You could redefine it in an upper dictionary, but how would you recover the original def of setpassword?

I have also made a modification to my password resetter routine to follow the idea of Nigel's code, to only report the password. In addition, I have left the print eeprom code in place. I'll be willing to post the routine (the only thing it really does differently from Nigel's code is do a hex dump of the eeprom and identify the interesting locations). I still won't send out the writeeeprom routine without a signed letterhead...

Cheers
Woody Baker
Rt.1 Box I
Manor, Tx. 78653