It is possible to bind the iscsitarget daemon (ietd) to a specific IP address and port number, but only by using the --address and --port command-line options: there is no way to do so in the configuration file. The /etc/init.d/iscsitarget script should therefore enable the administrator access to these options.
My proposal is to append "-- $IETD_ARGS" to the start-stop-daemon line in ietd_start() (as well as IETD_ARGS= earlier-on), so that it becomes possible to set this variable in /etc/default/iscsitarget.
I have made the above changes locally, but now run the risk that if the /etc/init.d/iscsitarget script is overwritten upon a future upgrade by ietd daemon will revert to its default behaviour, which is to listen on all IP addresses and well-known port 3260. This is a security problem for me, and, I submit, generically.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: iscsitarget 1.4.20.2-1ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
Architecture: amd64
Date: Sun Oct 9 08:45:49 2011
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: iscsitarget
UpgradeStatus: No upgrade log present (probably fresh install)
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.