Re: tgtd buffer overflow and command injection vulnerabilities

Sorry about the delay,

On Tue, 10 Jun 2014 19:17:35 +0000
"Hullinger, Jason (Cloud Services)" <jason.hullinger@xxxxxx> wrote:

> The function call_program in the tgtd daemon includes a callback function
> that will run arbitrary commands. Additionally, it does not check that the

Yeah, the feature is intentional:

http://www.spinics.net/lists/linux-stgt/msg02065.html

No security about tgtadm. A user who can use tgtadm has the root
permission. He can do whatever he wants to on the machine. He doesn't
need to use a security hole in tgtd and tgtadm.

Of course, we care about security about iscsi and isns ports.
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html