Chapter 2. Getting Acquainted with Trusted IRIX/CMW

This chapter details the specific differences a user encounters the first time he or she sits down with a Silicon Graphics system running Trusted IRIX/CMW.

How to Identify the System

It is possible for you (or one of your programs) to distinguish which environment you are in by using one of these methods:

Identifying the System Security Options with a Program

From within a compiled program you can use the system call sysconf(3C). Refer to the sysconf(3C) reference page for more information on this system call.
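As an added example (not code from the Trusted IRIX/CMW manual), the following program probes the same security options that sysconf(1) lists, through sysconf(3C). The _SC_ACL, _SC_AUDIT, _SC_CAP, _SC_IP_SECOPTS and _SC_MAC names are assumed from IRIX's <unistd.h> and are guarded so the file still compiles on a system that lacks them, where every probe reports the option as not available.

```c
/* Added example: probe Trusted IRIX/CMW security options via sysconf(3C).
 * The _SC_* names below are assumed from IRIX <unistd.h>; each is guarded
 * so the program also builds on systems without them (result -1). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* 1 = option present and enabled, 0 = present but disabled,
 * -1 = this kernel does not know the option at all (EINVAL). */
int probe_sc(int name)
{
    long v;
    errno = 0;
    v = sysconf(name);
    if (v == -1 && errno == EINVAL)
        return -1;
    return v > 0 ? 1 : 0;
}

/* Look an option up by the label sysconf(1) prints for it. */
int trusted_feature_enabled(const char *label)
{
    (void)label;                     /* unused if no _SC_* name is defined */
#ifdef _SC_ACL
    if (strcmp(label, "ACL") == 0)        return probe_sc(_SC_ACL);
#endif
#ifdef _SC_AUDIT
    if (strcmp(label, "AUDIT") == 0)      return probe_sc(_SC_AUDIT);
#endif
#ifdef _SC_CAP
    if (strcmp(label, "CAP") == 0)        return probe_sc(_SC_CAP);
#endif
#ifdef _SC_IP_SECOPTS
    if (strcmp(label, "IP_SECOPTS") == 0) return probe_sc(_SC_IP_SECOPTS);
#endif
#ifdef _SC_MAC
    if (strcmp(label, "MAC") == 0)        return probe_sc(_SC_MAC);
#endif
    return -1;                       /* unknown label or not Trusted IRIX */
}

/* Treat the system as Trusted IRIX/CMW only if MAC and CAP are both on. */
int is_trusted_irix(void)
{
    return trusted_feature_enabled("MAC") == 1 &&
           trusted_feature_enabled("CAP") == 1;
}

int main(void)
{
    static const char *labels[] = { "ACL", "AUDIT", "CAP", "IP_SECOPTS", "MAC" };
    size_t i;
    for (i = 0; i < sizeof labels / sizeof labels[0]; i++) {
        int r = trusted_feature_enabled(labels[i]);
        printf("%-12s %s\n", labels[i],
               r == 1 ? "1 (enabled)" : r == 0 ? "0 (disabled)" : "not available");
    }
    printf("Trusted IRIX/CMW: %s\n", is_trusted_irix() ? "yes" : "no");
    return 0;
}
```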

Identifying the System From a Shell

In order to determine the operating system, execute this command at a shell prompt:

sysconf

You see a great deal of output, and towards the bottom of the list, you see the relevant information in the following form:

SYSNAME                          IRIX
HOSTNAME                         DARIUS
RELEASE                          6.2
VERSION                          03092155
MACHINE                          IP22
HW_SERIAL                        1503356586
HW_PROVIDER                      sgi
ACL                              1
AUDIT                            1
CAP                              1
IP_SECOPTS                       1
MAC                              1

Refer to the sysconf(1) reference page for more information.

How to Get Installation Help

Should you need help in installing Trusted IRIX/CMW you may refer to the manuals listed in the Preface. Help with individual tools is frequently available from the main menu of the tool (generally, you have access to a “Help” button). In addition, each tool has an associated menu page that should provide the answers for which you are looking.

Further help should be available from either your Administrator or the SSO.

What You See and What You Don't

There are a number of facets of Trusted IRIX/CMW which are invisible to the user most of the time. These may occasionally affect your environment and so it is best that we mention them here. Trusted IRIX/CMW meets all Compartmented Mode Workstation Requirements, all feature requirements through TCSEC B3, and the assurance level for B1.

Access Control Lists

ACLs make it much easier to specify who has access to your files. Some programs are unaware of ACLs; the implementation does not generally require that they be. A file's ACL may be set when it is created, if the containing directory has a default ACL.

Auditing

Auditing is constantly in effect on most Trusted IRIX/CMW systems. This is not a cause for user concern, as the purpose of the audit trail is to discern intentional violations of security by malicious intruders, not to spy on legitimate users.

Capabilities

It is possible to grant a user certain capabilities which have formerly been reserved for the Superuser. It is also possible (and in fact, required in the CMW configuration) that userid 0 (root) does not have special privilege.

Labeling

It is possible (though not desirable) to create a higher MAC-labeled file in a lower MAC-labeled directory. This file, of course, would not be visible to you at a lower MAC label. Correspondingly, you would be unable to remove this file and it could consume an arbitrary amount of your disk quota until your Administrator removes or downgrades the file.

Mail

A given piece of mail is only readable if it matches your current MAC label. Mail sent to you at a higher MAC label is unreadable until you log in at that label. Indeed, because of these constraints, you would be unaware that you even had mail addressed to you at this higher MAC label. The side effect is analogous to someone placing a higher MAC-labeled file in one of your directories. This higher MAC label mail can consume an arbitrary amount of your disk resources. Mail sent to you outside your label range will not be accessible at any time.

If someone sends you mail outside of your allowed clearances, that mail is not delivered. Mail that you send will not be delivered if your current label is outside the label range of the recipient. For example, if you are logged in at system high privilege, and the recipient has only user privilege, mail sent to that user will be rejected.

Multilevel Directories

One of the constraints of using a secure system is that access to information is restricted by the user's privileges. Multilevel directories (explained in the section above) are one facet of such a system.

Password Aging

The strictures on passwords in Trusted IRIX/CMW are not limited to the content of the password. The Administrator can set a minimum and a maximum amount of time for the use of a given password. If you ignore the warnings to change your password, it is quite possible that you will attempt to log in and be unable to do so because your password has expired.

Password Generation

Trusted IRIX/CMW comes equipped with a password generation program. When you attempt to change your password, this program presents you with several options for your new password. You must choose one of these passwords or choose not to change your password. This feature can be defeated by your Administrator, in which case you are free to select your own password, subject to certain triviality tests.