Sites installing TORQUE from the gLite repository should apply the following mitigation action to fix a vulnerability issue. For more details please check the EGI security advisory https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Torque-2011-06-15.

For sites using the version of TORQUE released on Update 33 or later, no mitigation action is needed.

Mitigation

Sites should carry out the following mitigating action. As always, please follow your change management procedure when making a configuration change in your production environment.

Step 1: put Torque server behind a firewall (but remember that your submit hosts and worker nodes need to be able to connect to it)

Step 2: for each queue, make the following configuration change

 #Enable queue level host-based ACL

 set queue <queuename> acl_host_enable = True

 #Add a list of trusted hosts (such as your CEs) which can submit jobs to this

 queue set queue <queuename> acl_hosts = Trusted_CE1, trusted_CE2

Step 3: test configuration change thoroughly before rolling it into your production system.

For an up to date documentation on configuration known issues, please check also the YAIM known issues page.