NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0519:  Linux symbolic links and FMT_CFG_EXT.1

Publication Date
2020.06.18

Protection Profiles
PP_APP_v1.3

Other References
FMT_CFG_EXT.1.2

Issue Description

FMT_CFG_EXT.1.2 requirement in AppPP v1.3 dictates that application binaries and data files must be protected from unpriviliged users. For Linux, assurance activity mandates checking it with 'find . -pem /002' command. The outcome of the test is specified "The command should not print any files".  When executing this test, a product may have symbolic links pointing to binaries and/or data files; the command is flagging the symbolic links themselves rather than the files the symbolic links are pointing to.

Resolution

The Evaluation Activity for Linux in FMT_CFG_EXT.1.2 shall be modified as follows:

For Linux: The evaluator shall run the command find -L . -perm /002 inside the application's data directories to ensure that all files are not world-writable. The command should not print any files.

 

Justification

Adding "-L" causes the command to follow the symbolic link if it exists and only check the permissions on the file that the symbolic link points to, rather than the symbolic link itself.

 
 
Site Map              Contact Us              Home