Condor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

A flaw was found in the way Condor interpreted wildcards in authorization
lists. Certain authorization lists using wildcards in DENY rules, such as
DENY_WRITE or HOSTDENY_WRITE, that conflict with the definitions in ALLOW
rules, could permit authenticated remote users to submit computation jobs,
even when such access should have been denied. (CVE-2008-3424)
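
An audit sketch for the flaw described above, added here as an example and not part of the advisory or of Condor: it scans condor_config text for DENY entries containing wildcards that overlap an ALLOW entry at the same access level, so they can be reviewed on hosts that have not yet been upgraded. The sample configuration is constructed; pooling HOSTALLOW_*/HOSTDENY_* with ALLOW_*/DENY_* and the literal-pattern overlap test are simplifying assumptions.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONFIG = """\
ALLOW_WRITE = *.example.org, 192.0.2.10
DENY_WRITE = *.lab.example.org
HOSTALLOW_READ = *
HOSTDENY_WRITE = 192.0.2.*, 198.51.100.7
"""

# Assumption: HOSTALLOW_x/HOSTDENY_x are pooled with ALLOW_x/DENY_x per level.
RULE = re.compile(r"^\s*(?:HOST)?(ALLOW|DENY)_([A-Z_]+)\s*=\s*(.*)$")


def parse_rules(text):
    """Map ('ALLOW'|'DENY', level) to the list of entries configured for it."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            entries = [e for e in re.split(r"[,\s]+", m.group(3)) if e]
            rules.setdefault((m.group(1), m.group(2)), []).extend(entries)
    return rules


def star_match(pattern, name):
    """True if name matches pattern, with '*' as the only wildcard."""
    regex = ".*".join(re.escape(p) for p in pattern.lower().split("*"))
    return re.fullmatch(regex, name.lower()) is not None


def wildcard_deny_conflicts(text):
    """Return (level, deny_entry, allow_entry) for overlapping entries."""
    rules = parse_rules(text)
    found = []
    for (kind, level), denies in sorted(rules.items()):
        if kind != "DENY":
            continue
        for d in (e for e in denies if "*" in e):
            for a in rules.get(("ALLOW", level), []):
                # Heuristic: one entry, read literally, matches the other.
                if star_match(d, a) or star_match(a, d):
                    found.append((level, d, a))
    return found


if __name__ == "__main__":
    for level, deny, allow in wildcard_deny_conflicts(SAMPLE_CONFIG):
        print(f"{level}: DENY entry {deny!r} overlaps ALLOW entry {allow!r}")
```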

Bug fixes:

* the /etc/condor/condor_config file started with “What machine is your
central manager?”. The following line was blank, instead of having the
“CONDOR_HOST” option, causing confusion. The “What machine…” text is now
removed.

* condor_config.local defined “LOCK = /tmp/[lock file]”. This is no longer
explicitly defined; however, lock files may be in “/tmp/”, and could be
removed by tmpwatch. A “LOCK_FILE_UPDATE_INTERVAL” option, which defaults
to eight hours, has been added. This updates the timestamps on lock files,
preventing them from being removed by tools such as tmpwatch.

* when a “SCHEDD_NAME” name in condor_config ended with an “@”, the
system’s hostname was appended. For example, if “SCHEDD_NAME = test@” was
configured, “condor_q -name test@” failed with a “Collector has no record
of schedd/submitter” error. Now, the hostname is not appended when a name
ends with an “@”. In High Availability (HA) Schedd deployments, this allows
a name to be shared by multiple Schedds.

* when too few arguments were passed to “condor_qedit”, such as
“condor_qedit -constraint TRUE”, a segfault occurred. Better argument
handling has been added to resolve this.

* due to missing common_createddl.sql and pgsql_createddl.sql files,
it was not possible to use Quill. Now, these files are included in
“/usr/share/condor/sql/”.

* “condor_submit -dump ad [file-name]” caused a segfault if the [file-name]
job contained “universe = grid”.

* previously, a condor user and group were created if they did not exist,
without specifying a specific UID and GID. Now, UID and GID 64 are used.
The effect of this change is non-existent if upgrading the condor packages.
If an existing condor user and group are manually changed, problems with
file ownership will occur.

Configuration changes (from the Condor release notes - see link below):

* a new CKPT_SERVER_CHECK_PARENT_INTERVAL variable sets the time interval
between a checkpoint server checking if its parent is running. If the
parent server has died, the checkpoint server is shut down.

* a new CKPT_PROBE variable to define an executable for the helper process
Condor uses for information about the CheckpointPlatform attribute.

* STARTER_UPLOAD_TIMEOUT now defaults to 300 seconds.

* new variables (booleans) PREEMPTION_REQUIREMENTS_STABLE and
PREEMPTION_RANK_STABLE, configure whether attributes used in
PREEMPTION_REQUIREMENTS and PREEMPTION_RANK change during negotiation
cycles.

* a new GRIDMANAGER_MAX_WS_DESTROYS_PER_RESOURCE variable, with a
default value of 5, defines the number of simultaneous WS destroy commands
that can be sent to a server for type gt4 grid universe jobs.

* now, VALID_SPOOL_FILES automatically includes the “SCHEDD.lock” lock file
for condor_schedd HA failover.

* the default value for SEC_DEFAULT_SESSION_DURATION has been changed from
8640000 seconds (100 days) to 86400 seconds (one day).

Important: these updated packages upgrade Condor to version 7.0.4. For a
full list of changes, refer to the Condor release notes:
www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html

Condor users should upgrade to these updated packages, which resolve these
issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | condor | < 7.0.4-4.el5 | condor-7.0.4-4.el5.i386.rpm |
RedHat | 5 | x86_64 | condor | < 7.0.4-4.el5 | condor-7.0.4-4.el5.x86_64.rpm |
RedHat | 5 | i386 | condor-static | < 7.0.4-4.el5 | condor-static-7.0.4-4.el5.i386.rpm |
RedHat | 5 | x86_64 | condor-static | < 7.0.4-4.el5 | condor-static-7.0.4-4.el5.x86_64.rpm |
RedHat | 5 | x86_64 | condor-test | < 7.0.4-4.el5 | condor-test-7.0.4-4.el5.x86_64.rpm |
RedHat | 5 | i386 | condor-test | < 7.0.4-4.el5 | condor-test-7.0.4-4.el5.i386.rpm |