Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!decwrl!adobe!heaven!glenn From: glenn@heaven.woodside.ca.us (Glenn Reid) Newsgroups: comp.lang.postscript Subject: Re: vaccination Message-ID: <235@heaven.woodside.ca.us> Date: 5 Aug 90 19:01:26 GMT References: <90215.111938SMITHM@QUCDN.BITNET> <1463@chinacat.Unicom.COM> Reply-To: glenn@heaven.UUCP (Glenn Reid) Organization: Skyline Press, Woodside CA Lines: 45 In article <1463@chinacat.Unicom.COM> woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal) writes: >Is there any way to defeat the following fragment of code, or will this >provide a secure vaccine for password resetters using the normal >password setting mechanism. > >/statusdict begin > /setpassword {pop pop} bind def > end. > > >The question really is, after doing this, is there anyway to recover the >original setpassword command short of powercycling the controller, or >causeing a hard reset? This looks surprisingly secure, short of rebooting the printer. You might take your handy dig-through-all-dictionaries loop and send it looking for the object you get by doing a statusdict /setpassword get (it is an operator object), just to see if there are any more copies of it somewhere. If you want to really get crazy, you can find all the array objects and look inside of them, too. It's possible that some procedure has a copy inside the body of the procedure. But my guess is that it's the only copy of the "setpassword" operator. It's even possible that Adobe did that on purpose, in their infinite wisdom, so that people could defeat resets of the password in just this manner. But in any case, it looks pretty good to me, although it's awfully easy to reboot a printer, so there's always that. But if the spooler can make sure that this code gets downloaded before any user job can get to the printer, even rebooting should be pretty secure. Of course, you can always just open the serial port directly, reboot the printer, and change the password. But in the event that someone is malicious enough to do all that, you're going to have a pretty hard time stopping him/her. Redefining "setpassword" should defend against the casual virus that isn't targeting any particular machine or printer, but is simply evil and is being propagated. /Glenn -- Glenn Reid PostScript/NeXT consultant glenn@heaven.woodside.ca.us Independent Software Developer ..{adobe,next}!heaven!glenn 415-851-1785