Sorry about the delay, On Tue, 10 Jun 2014 19:17:35 +0000 "Hullinger, Jason (Cloud Services)" <jason.hullinger@xxxxxx> wrote: > The function call_program in the tgtd daemon includes a callback function > that will run arbitrary commands. Additionally, it does not check that the Yeah, the feature is intentional: http://www.spinics.net/lists/linux-stgt/msg02065.html No security about tgtadm. A user who can use tgtadm has the root permission. He can do whatever he want to on the machine. He doesn't need to use a security hole in tgtd and tgtadm. Of course, we care about security about iscsi and isns ports. -- To unsubscribe from this list: send the line "unsubscribe stgt" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html