NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0359:  Buffer Protection

Publication Date

Protection Profiles

Other References

Issue Description

Not all compilers have the /GS compiler option and not all applications are required to be compiled with stack-based buffer overflow protection enabled.


The AA for Windows in FPT_AEX_EXT.1.5 is replaced as follows:

For Windows:  Applications that run as Managed Code in the .NET Framework do not require these stack protections. Applications developed in Object Pascal using the Delphi IDE compiled with RangeChecking enabled comply with this element. For other code, the evaluator shall review the TSS and verify that the /GS flag was used during compilation. The evaluator shall run a tool, like BinScope, that can verify the correct usage of /GS.


See issue description.

Site Map              Contact Us              Home