2007-04-26 01:53:07 +02:00
|
|
|
CVE-2007-0998 - remote compromise of dom0
|
|
|
|
|
|
|
|
|
|
Rather than completely disabling QEMU's console (which would remove
|
|
|
|
|
the "sendkey" command, among other useful things), remove all console
|
|
|
|
|
commands that can read/write dom0's state.
|
|
|
|
|
|
|
|
|
|
|
2007-12-20 16:46:41 +01:00
|
|
|
Index: xen-3.2-testing/tools/ioemu/monitor.c
|
2007-04-26 01:53:07 +02:00
|
|
|
===================================================================
|
2007-12-20 16:46:41 +01:00
|
|
|
--- xen-3.2-testing.orig/tools/ioemu/monitor.c
|
|
|
|
|
+++ xen-3.2-testing/tools/ioemu/monitor.c
|
|
|
|
|
@@ -1231,6 +1231,7 @@ static term_cmd_t term_cmds[] = {
|
|
|
|
|
"device|all", "commit changes to the disk images (if -snapshot is used) or backing files" },
|
2007-04-26 01:53:07 +02:00
|
|
|
{ "info", "s?", do_info,
|
|
|
|
|
"subcommand", "show various information about the system state" },
|
|
|
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
|
|
|
{ "q|quit", "", do_quit,
|
|
|
|
|
"", "quit the emulator" },
|
|
|
|
|
{ "eject", "-fB", do_eject,
|
2007-12-20 16:46:41 +01:00
|
|
|
@@ -1241,6 +1242,7 @@ static term_cmd_t term_cmds[] = {
|
2007-04-26 01:53:07 +02:00
|
|
|
"filename", "save screen into PPM image 'filename'" },
|
|
|
|
|
{ "log", "s", do_log,
|
|
|
|
|
"item1[,...]", "activate logging of the specified items to '/tmp/qemu.log'" },
|
|
|
|
|
+#endif
|
|
|
|
|
#ifndef CONFIG_DM
|
2007-12-20 16:46:41 +01:00
|
|
|
{ "savevm", "s?", do_savevm,
|
|
|
|
|
"tag|id", "save a VM snapshot. If no tag or id are provided, a new snapshot is created" },
|
|
|
|
|
@@ -1274,12 +1276,14 @@ static term_cmd_t term_cmds[] = {
|
2007-04-26 01:53:07 +02:00
|
|
|
{ "system_powerdown", "", do_system_powerdown,
|
|
|
|
|
"", "send system power down event" },
|
|
|
|
|
#endif /* !CONFIG_DM */
|
|
|
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
|
|
|
{ "sum", "ii", do_sum,
|
|
|
|
|
"addr size", "compute the checksum of a memory region" },
|
|
|
|
|
{ "usb_add", "s", do_usb_add,
|
|
|
|
|
"device", "add USB device (e.g. 'host:bus.addr' or 'host:vendor_id:product_id')" },
|
|
|
|
|
{ "usb_del", "s", do_usb_del,
|
|
|
|
|
"device", "remove USB device 'bus.addr'" },
|
|
|
|
|
+#endif
|
|
|
|
|
#ifndef CONFIG_DM
|
|
|
|
|
{ "cpu", "i", do_cpu_set,
|
|
|
|
|
"index", "set the default CPU" },
|
2007-12-20 16:46:41 +01:00
|
|
|
@@ -1290,6 +1294,7 @@ static term_cmd_t term_cmds[] = {
|
2007-04-26 01:53:07 +02:00
|
|
|
"state", "change mouse button state (1=L, 2=M, 4=R)" },
|
2007-12-20 16:46:41 +01:00
|
|
|
{ "mouse_set", "i", do_mouse_set,
|
|
|
|
|
"index", "set which mouse device receives events" },
|
2007-04-26 01:53:07 +02:00
|
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
|
|
|
#ifdef HAS_AUDIO
|
|
|
|
|
{ "wavcapture", "si?i?i?", do_wav_capture,
|
|
|
|
|
"path [frequency bits channels]",
|
2007-12-20 16:46:41 +01:00
|
|
|
@@ -1297,6 +1302,7 @@ static term_cmd_t term_cmds[] = {
|
2007-04-26 01:53:07 +02:00
|
|
|
#endif
|
|
|
|
|
{ "stopcapture", "i", do_stop_capture,
|
|
|
|
|
"capture index", "stop capture" },
|
|
|
|
|
+#endif
|
2007-12-20 16:46:41 +01:00
|
|
|
#ifndef CONFIG_DM
|
|
|
|
|
{ "memsave", "lis", do_memory_save,
|
|
|
|
|
"addr size file", "save to disk virtual memory dump starting at 'addr' of size 'size'", },
|
|
|
|
|
@@ -1339,6 +1345,7 @@ static term_cmd_t info_cmds[] = {
|
2007-04-26 01:53:07 +02:00
|
|
|
#endif /* !CONFIG_DM */
|
|
|
|
|
{ "usb", "", usb_info,
|
|
|
|
|
"", "show guest USB devices", },
|
|
|
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
|
|
|
{ "usbhost", "", usb_host_info,
|
|
|
|
|
"", "show host USB devices", },
|
|
|
|
|
{ "profile", "", do_info_profile,
|
2007-12-20 16:46:41 +01:00
|
|
|
@@ -1355,6 +1362,7 @@ static term_cmd_t info_cmds[] = {
|
2007-04-26 01:53:07 +02:00
|
|
|
{ "hvmiopage", "", sp_info,
|
2007-12-20 16:46:41 +01:00
|
|
|
"", "show HVM device model shared page info" },
|
2007-04-26 01:53:07 +02:00
|
|
|
#endif /* CONFIG_DM */
|
|
|
|
|
+#endif
|
|
|
|
|
{ NULL, NULL, },
|
|
|
|
|
};
|
|
|
|
|
|
