Florian Weimer reported that, when Cumin is installed, it creates a "cumin" PostgreSQL user and changes pg_hba.conf so that no password is required for authentication. This could be used to bypass role separation in Cumin: for instance, in a setup where condor_schedd runs on the same machine as Cumin, a regular Cumin user could submit a job that connects to the PostgreSQL database and alters the database in such a way as to give the regular user administrative privileges.
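
An added example (not from the original report or from Cumin's code): a small auditor that parses a pg_hba.conf and lists the rules that let a given role connect through the `trust` method, which is the no-password condition described above. The sample file is constructed, and the database name `cumin` in it is an assumption.

```python
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample: the page does not show the entries Cumin's installer writes,
# and the database name "cumin" is an assumption.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS             METHOD
local   all       postgres                      peer
local   cumin     cumin                         trust
host    cumin     cumin     127.0.0.1/32        trust
host    cumin     cumin     ::1/128             scram-sha-256
host    all       all       10.0.0.0 255.0.0.0  md5
"""

def parse_hba(text):
    """Yield (lineno, conn_type, users, address, method) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # strips '#' comments, honours quoting
        if len(tok) < 4 or tok[0] not in HOST_TYPES | {"local"}:
            continue  # blank, comment-only, truncated, or an include directive
        users, rest = tok[2].split(","), tok[3:]
        address = None
        if tok[0] != "local":
            address, rest = rest[0], rest[1:]
            # A bare IP address (no "/") is followed by a separate netmask column.
            if rest and (rest[0][0].isdigit() or ":" in rest[0]):
                address, rest = address + " " + rest[0], rest[1:]
        if rest:
            yield lineno, tok[0], users, address, rest[0]

def passwordless_rules(text, user):
    """Return (lineno, conn_type, address) for rules that admit `user` via 'trust'."""
    hits = []
    for lineno, conn_type, users, address, method in parse_hba(text):
        # "all" matches every role; +group and @file cannot be resolved offline,
        # so they are treated conservatively as possibly including `user`.
        applies = any(u in ("all", user) or u.startswith(("+", "@")) for u in users)
        if applies and method == "trust":
            hits.append((lineno, conn_type, address))
    return hits

if __name__ == "__main__":
    for lineno, conn_type, address in passwordless_rules(SAMPLE, "cumin"):
        where = address or "(unix socket)"
        print(f"line {lineno}: {conn_type} {where} -> trust for cumin")
```

A `local` or loopback `trust` rule is the relevant case here, because a job scheduled on the same host reaches the database over exactly those paths.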