Chapter 10. Maintaining an Evaluated Configuration

If you intend to run the evaluated configuration of the Trusted IRIX/CMWsystem at your site, you should be aware that there are strict limits placed on the hardware and software that have been evaluated. This chapter defines the evaluated configuration. If anything is added to, modified in, or subtracted from the evaluated configuration as described in this chapter, you are no longer running the evaluated configuration. Your system may operate normally, but the configuration has not been tested for security.

This chapter covers these topics:

Hardware Configuration

Because of changes in computing hardware it is difficult to maintain a complete and accurate list in this Guide of hardware that supports the Trusted IRIX/CMW system. To obtain the current list of evaluated hardware, please contact your local SGI office.

Software Configuration

The Trusted IRIX/CMW software must be kept intact and used as directed to maintain the evaluated configuration.

Use of the minthigh Integrity Label

Only software that is part of the evaluated Target of Evaluation (TOE) shipped with Trusted IRIX/CMW may use the minthigh integrity label. This level of integrity requires formal security evaluation. If you change the integrity grade of any other file to minthigh, you are no longer running the evaluated configuration. Label names with minthigh are dblow and dbadmin.

TOE Files and Programs

The files and programs that make up the Trusted IRIX/CMW TOE can be derived from the /etc/irix.mac file. All files listed in this file with labels dblow and dbadmin are part of the TCB.

Administrative Configuration

The administrative settings shipped with Trusted IRIX/CMW are part of the evaluated configuration.

Login Options

Trusted IRIX/CMW is shipped with a default set of login options set in the /etc/default/login file. If you change any of these options, you are no longer running the evaluated configuration.


As described in Chapter 4, “Networking with Trusted IRIX/CMW”, the evaluated configuration requires that you run only the tsix network software on all network interfaces. Any additional network connections violate the evaluated configuration.


All filesystems under Trusted IRIX/CMW must be labeled at all times. There are no exceptions to this rule. Even filesystems on nontrusted systems are assigned a label when connected via the network to Trusted IRIX/CMW systems. For more information see the rhost(1M) man page.

All NFS exported filesystems must be exported using the XFS extended attribute NFS extension, preserving the classifications of files across the Trusted IRIX/CMW network. For more information, see Chapter 4, “Networking with Trusted IRIX/CMW”.


The evaluated configuration of Trusted IRIX/CMW supports printing on dumb serial and parallel printers only. For complete information, see “Printing under Trusted IRIX/CMW” in Chapter 9.