xen/xen-disable-qemu-monitor.diff

CVE-2007-0998 - remote compromise of dom0

Rather than completely disabling QEMU's console (which would remove
the "sendkey" command, among other useful things), remove all console
commands that can read/write dom0's state.


Index: xen-4.0.1-testing/tools/ioemu-qemu-xen/monitor.c
===================================================================
--- xen-4.0.1-testing.orig/tools/ioemu-qemu-xen/monitor.c
+++ xen-4.0.1-testing/tools/ioemu-qemu-xen/monitor.c
@@ -1497,6 +1497,7 @@ static const term_cmd_t term_cmds[] = {
       "device|all", "commit changes to the disk images (if -snapshot is used) or backing files" },
     { "info", "s?", do_info,
       "subcommand", "show various information about the system state" },
+#ifdef CONFIG_TRUSTED_CLIENT
     { "q|quit", "", do_quit,
       "", "quit the emulator" },
     { "eject", "-fB", do_eject,
@@ -1509,6 +1510,7 @@ static const term_cmd_t term_cmds[] = {
       "filename", "output logs to 'filename'" },
     { "log", "s", do_log,
       "item1[,...]", "activate logging of the specified items to '/tmp/qemu.log'" },
+#endif
     { "savevm", "s?", do_savevm,
       "tag|id", "save a VM snapshot. If no tag or id are provided, a new snapshot is created" },
     { "loadvm", "s", do_loadvm,
@@ -1538,8 +1540,10 @@ static const term_cmd_t term_cmds[] = {
       "", "reset the system" },
     { "system_powerdown", "", do_system_powerdown,
       "", "send system power down event" },
+#ifdef CONFIG_TRUSTED_CLIENT
     { "sum", "ii", do_sum,
       "addr size", "compute the checksum of a memory region" },
+#endif
     { "usb_add", "s", do_usb_add,
       "device", "add USB device (e.g. 'host:bus.addr' or 'host:vendor_id:product_id')" },
     { "usb_del", "s", do_usb_del,
@@ -1558,6 +1562,7 @@ static const term_cmd_t term_cmds[] = {
       "state", "change mouse button state (1=L, 2=M, 4=R)" },
     { "mouse_set", "i", do_mouse_set,
       "index", "set which mouse device receives events" },
+#ifdef CONFIG_TRUSTED_CLIENT
 #ifdef HAS_AUDIO
     { "wavcapture", "si?i?i?", do_wav_capture,
       "path [frequency bits channels]",
@@ -1565,6 +1570,7 @@ static const term_cmd_t term_cmds[] = {
 #endif
     { "stopcapture", "i", do_stop_capture,
       "capture index", "stop capture" },
+#endif
     { "memsave", "lis", do_memory_save,
       "addr size file", "save to disk virtual memory dump starting at 'addr' of size 'size'", },
     { "pmemsave", "lis", do_physical_memory_save,
@@ -1646,6 +1652,7 @@ static const term_cmd_t info_cmds[] = {
       "", "show KVM information", },
     { "usb", "", usb_info,
       "", "show guest USB devices", },
+#ifdef CONFIG_TRUSTED_CLIENT
     { "usbhost", "", usb_host_info,
       "", "show host USB devices", },
     { "profile", "", do_info_profile,
@@ -1677,6 +1684,7 @@ static const term_cmd_t info_cmds[] = {
     { "migrate", "", do_info_migrate, "", "show migration status" },
     { "balloon", "", do_info_balloon,
       "", "show balloon information" },
+#endif
     { NULL, NULL, },
 };