Commit 5c5df9b9 authored by Kees Cook, committed by Valerie Aurora (Bow Shock)

MI-JUST: Reword and consolidate

I worry specific language like "scan for" etc. is getting too specific? I
think just an enumeration is needed. Added memory-mapped interface and
added the "privilege boundary" language.
parent e7fc62c6
+8 −5
@@ -1264,17 +1264,20 @@ Threat: An interface unnecessary for the default functioning of the product is e

Use case: Above a certain level of risk

* Mitigation: For every exposed interface to a security-relevant component, describe why it is necessary for default behavior
* Test: Use the following techniques to find interfaces and compare to the documentation:
  * Scan for open network ports
  * Try all syscall numbers
  * Enumerate /proc/sys
* Mitigation: Reduce exposed privilege boundary interfaces to the minimum required and describe why each is necessary for default behavior
* Test: Compare available interfaces to documentation, completely enumerating all reachable privilege boundries via:
  * network ports
  * system calls
  * handle based interfaces (e.g. /dev, /sys, /proc)
  * shared memory regions (e.g. GPU, MMIO)
  * FIXME more
* Result: No undocumented interfaces
* Output: Documentation of interfaces, results of scans
* Requirements: Ability to enumerate interfaces on shipped product
* Documentation: Source, documentaition, output of tests

FIXME: separate MI for minimum process privileges?

> Copy-n-paste mitigation format

### 5.2.X **TR-XXXX**:
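Review bot: the new Test item in this hunk leaves `* FIXME more` as a bullet inside the enumeration of reachable privilege boundaries, so as written the list would ship with a placeholder entry; either complete the list in this commit or move the FIXME out of the list so it reads as an editorial note like the `FIXME: separate MI for minimum process privileges?` line below, and fix the spelling of "boundries" in `* Test: Compare available interfaces to documentation, completely enumerating all reachable privilege boundries via:` while touching the line. A second, smaller point: the reworded Mitigation now requires describing why each exposed interface is necessary for default behavior, but the unchanged `* Result: No undocumented interfaces` only checks for the absence of undocumented interfaces; consider tightening the Result to also require that every documented interface carries that justification, otherwise the Test cannot fail on an interface that is listed but not justified. The pre-existing typo "documentaition" in the Documentation context line could be fixed in the same pass.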