how executables are determined #19
Description
FPT_DNL_EXT.1.2 - Comment received – “The issue here is how executables are determined – malicious sites are crafty by disguising extensions or using things that people don’t realize are executables. Include an SFR indicating how the TOE should determine if a downloaded file is an executable – and it shouldn’t just be based on the MIME type or extension, but might involve testing for known magic codes at the front of the file.”
Perhaps consider asking for documentation in TSS. May be a function for OS, which has handlers for MIME types.
Metadata
Metadata
Assignees
Labels
No labels