In MRG 1.3, the provided Management Console Installation Guide instructed administrators to explicitly configure "QUEUE_ALL_TRUSTED_USERS=True" so that the management console (cumin) could facilitate submissions on behalf of a user. This configuration facilitated a trust relationship between cumin and the condor-qmf plugins. However, there was inadequate access control for securing the trusted channel; anyone able to publish to a broker could submit jobs. As well, this meant that a user could submit a job to run as any other user other than root (Condor does not run jobs as root). In a future update, through enhancements to the QMF Agent, access control on the condor-qmf plugins is adequate to secure the trust relationship.
This issue has been addressed in following products: MRG for RHEL-5 Via RHSA-2010:0921 https://rhn.redhat.com/errata/RHSA-2010-0921.html
This issue has been addressed in following products: Messaging for MRG on RHEL-4 Messaging Base for MRG on RHEL-4 Grid for MRG on RHEL-4 Grid Execute Node for MRG on RHEL-4 Via RHSA-2010:0922 https://rhn.redhat.com/errata/RHSA-2010-0922.html