Red Hat Enterprise MRG Messaging and Grid

RHSA-2010:0922-01: Important: Red Hat Enterprise MRG Messaging and Grid security update

Product: Red Hat Enterprise MRG for RHEL-4

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT infrastructure for enterprise computing. MRG Messaging implements the Advanced Message Queuing Protocol (AMQP) standard, adding persistence options, kernel optimizations, and operating system services.

The Management Console Installation Guide for Red Hat Enterprise MRG 1.3 instructed administrators to configure Condor to allow the MRG Management Console (cumin) to submit jobs on behalf of a user. This configuration facilitated a trust relationship between cumin and the Condor QMF plug-ins; however, there was inadequate access control on the trusted channel, allowing anyone able to publish to a broker to submit jobs to run as any other user (except root, as Condor does not run jobs as root).