NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details   TD0675:  Make FPT_W^X_EXT.1 Optional Publication Date 2022.11.28 Protection Profiles PP_OS_V4.3 Other References A.1 Issue Description The GPOS agreed to make FPT_W^X_EXT.1 optional for 4.3; however this was overlooked. Resolution Protection Profile for General Purpose Operating Systems v4.3 is updated as follows:   Section 5.1.4 is amended as follows: FPT_W^X_EXT.1 Write XOR Execute Memory Pages FPT_W^X_EXT.1.1 The OS shall prevent allocation of any memory region with both write and execute permissions except for [assignment: list of exceptions]. Application Note: Requesting a memory mapping with both write and execute permissions subverts the platform protection provided by DEP. If the OS provides no exceptions (such as for just-in-time compilation), then "no exceptions" should be indicated in the assignment. Full realization of this requirement requires hardware support, but this is commonly available. Evaluation Activities  FPT_W^X_EXT.1 TSS The evaluator will inspect the vendor-provided developer documentation and verify that no memory-mapping can be made with write and execute permissions except for the cases listed in the assignment. Tests The evaluator will also perform the following tests. Test 50: The evaluator will acquire or construct a test program which attempts to allocate memory that is both writable and executable. The evaluator will run the program and confirm that it fails to allocate memory that is both writable and executable. Test 51: The evaluator will acquire or construct a test program which allocates memory that is executable and then subsequently requests additional write/modify permissions on that memory. The evaluator will run the program and confirm that at no time during the lifetime of the process is the memory both writable and executable. Test 52: The evaluator will acquire or construct a test program which allocates memory that is writable and then subsequently requests additional execute permissions on that memory. The evaluator will run the program and confirm that at no time during the lifetime of the process is the memory both writable and executable. To Table.2 in 5.1.8: FPT_W^X_EXT.1 (Optional) Supports the objective by requiring the OS to executable only non-writable memory. And To A.1 A.1.2 Protection of the TSF (FPT) FPT_W^X_EXT.1 Write XOR Execute Memory Pages FPT_W^X_EXT.1.1 The OS shall prevent allocation of any memory region with both write and execute permissions except for [assignment: list of exceptions]. Application Note: Requesting a memory mapping with both write and execute permissions subverts the platform protection provided by DEP. If the OS provides no exceptions (such as for just-in-time compilation), then "no exceptions" should be indicated in the assignment. Full realization of this requirement requires hardware support, but this is commonly available. Evaluation Activities  FPT_W^X_EXT.1 TSS The evaluator will inspect the vendor-provided developer documentation and verify that no memory-mapping can be made with write and execute permissions except for the cases listed in the assignment. Tests The evaluator will also perform the following tests. Test 50: The evaluator will acquire or construct a test program which attempts to allocate memory that is both writable and executable. The evaluator will run the program and confirm that it fails to allocate memory that is both writable and executable. Test 51: The evaluator will acquire or construct a test program which allocates memory that is executable and then subsequently requests additional write/modify permissions on that memory. The evaluator will run the program and confirm that at no time during the lifetime of the process is the memory both writable and executable. Test 52: The evaluator will acquire or construct a test program which allocates memory that is writable and then subsequently requests additional execute permissions on that memory. The evaluator will run the program and confirm that at no time during the lifetime of the process is the memory both writable and executable.   Justification See Description.