CVE-2007-0998 - remote compromise of dom0

Rather than completely disabling QEMU's console (which would remove
the "sendkey" command, among other useful things), remove all console
commands that can read/write dom0's state.


Index: xen-3.4.1-testing/tools/ioemu-remote/monitor.c
===================================================================
--- xen-3.4.1-testing.orig/tools/ioemu-remote/monitor.c
+++ xen-3.4.1-testing/tools/ioemu-remote/monitor.c
@@ -1481,6 +1481,7 @@ static const term_cmd_t term_cmds[] = {
       "device|all", "commit changes to the disk images (if -snapshot is used) or backing files" },
     { "info", "s?", do_info,
       "subcommand", "show various information about the system state" },
+#ifdef CONFIG_TRUSTED_CLIENT
     { "q|quit", "", do_quit,
       "", "quit the emulator" },
     { "eject", "-fB", do_eject,
@@ -1493,6 +1494,7 @@ static const term_cmd_t term_cmds[] = {
       "filename", "output logs to 'filename'" },
     { "log", "s", do_log,
       "item1[,...]", "activate logging of the specified items to '/tmp/qemu.log'" },
+#endif
     { "savevm", "s?", do_savevm,
       "tag|id", "save a VM snapshot. If no tag or id are provided, a new snapshot is created" },
     { "loadvm", "s", do_loadvm,
@@ -1522,12 +1524,14 @@ static const term_cmd_t term_cmds[] = {
       "", "reset the system" },
     { "system_powerdown", "", do_system_powerdown,
       "", "send system power down event" },
+#ifdef CONFIG_TRUSTED_CLIENT
     { "sum", "ii", do_sum,
       "addr size", "compute the checksum of a memory region" },
     { "usb_add", "s", do_usb_add,
       "device", "add USB device (e.g. 'host:bus.addr' or 'host:vendor_id:product_id')" },
     { "usb_del", "s", do_usb_del,
       "device", "remove USB device 'bus.addr'" },
+#endif
 #ifdef CONFIG_PHP_DEBUG
     { "pci_add", "s", do_pci_add,
       "device", "insert PCI pass-through device by BDF,e.g. (dom, bus, dev, func) by hex '0x0, 0x3, 0x0, 0x0'" },
@@ -1542,6 +1546,7 @@ static const term_cmd_t term_cmds[] = {
       "state", "change mouse button state (1=L, 2=M, 4=R)" },
     { "mouse_set", "i", do_mouse_set,
       "index", "set which mouse device receives events" },
+#ifdef CONFIG_TRUSTED_CLIENT
 #ifdef HAS_AUDIO
     { "wavcapture", "si?i?i?", do_wav_capture,
       "path [frequency bits channels]",
@@ -1549,6 +1554,7 @@ static const term_cmd_t term_cmds[] = {
 #endif
     { "stopcapture", "i", do_stop_capture,
       "capture index", "stop capture" },
+#endif
     { "memsave", "lis", do_memory_save,
       "addr size file", "save to disk virtual memory dump starting at 'addr' of size 'size'", },
     { "pmemsave", "lis", do_physical_memory_save,
@@ -1628,6 +1634,7 @@ static const term_cmd_t info_cmds[] = {
       "", "show KVM information", },
     { "usb", "", usb_info,
       "", "show guest USB devices", },
+#ifdef CONFIG_TRUSTED_CLIENT
     { "usbhost", "", usb_host_info,
       "", "show host USB devices", },
     { "profile", "", do_info_profile,
@@ -1659,6 +1666,7 @@ static const term_cmd_t info_cmds[] = {
     { "migrate", "", do_info_migrate, "", "show migration status" },
     { "balloon", "", do_info_balloon,
       "", "show balloon information" },
+#endif
     { NULL, NULL, },
 };