TD0815: Addition of Conditional TSS Activity for FPT_AEX_EXT.1.5
Publication Date
2024.02.13
Protection Profiles
PP_APP_v1.4
Other References
FPT_AEX_EXT.1.5
Issue Description
Under certain circumstances, the automated tests in FPT_AEX_EXT.1.5 may produce false negatives or otherwise be unusable. Resolution
The Evaluation Activities for FPT_AEX_EXT.1.5 in PP_APP_V1.4 are modified as follows, with green-highlighted underlines indicating additions and red-highlighted strikethroughs indicating deletions:
Guidance None. Tests The evaluator will inspect every native executable included in the TOE to ensure that stack-based buffer overflow protection is present. Platforms:Microsoft Windows... Applications that run as Managed Code in the .NET Framework do not require these stack protections. Applications developed in Object Pascal using the Delphi IDE compiled with RangeChecking enabled comply with this element. For other code, the evaluator shall review the TSS and verify that the /GS flag was used during compilation. The evaluator shall run a tool like, BinSkim For PE , the evaluator will disassemble each and ensure the following sequence appears:
. For ELF executables, the evaluator will ensure that each contains references to the symbol __stack_chk_fail. Tools such as Canary Detector may help automate these activities. If these automated tests fail, the evaluator shall perform the above, conditional TSS activity. Justification
See Issue Description. |