75 lines
2.7 KiB
Diff
75 lines
2.7 KiB
Diff
CVE-2007-0998 - remote compromise of dom0
|
|
|
|
Rather than completely disabling QEMU's console (which would remove
|
|
the "sendkey" command, among other useful things), remove all console
|
|
commands that can read/write dom0's state.
|
|
|
|
|
|
Index: xen-unstable/tools/ioemu/monitor.c
|
|
===================================================================
|
|
--- xen-unstable.orig/tools/ioemu/monitor.c
|
|
+++ xen-unstable/tools/ioemu/monitor.c
|
|
@@ -1158,6 +1158,7 @@ static term_cmd_t term_cmds[] = {
|
|
"", "commit changes to the disk images (if -snapshot is used)" },
|
|
{ "info", "s?", do_info,
|
|
"subcommand", "show various information about the system state" },
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
{ "q|quit", "", do_quit,
|
|
"", "quit the emulator" },
|
|
{ "eject", "-fB", do_eject,
|
|
@@ -1168,6 +1169,7 @@ static term_cmd_t term_cmds[] = {
|
|
"filename", "save screen into PPM image 'filename'" },
|
|
{ "log", "s", do_log,
|
|
"item1[,...]", "activate logging of the specified items to '/tmp/qemu.log'" },
|
|
+#endif
|
|
#ifndef CONFIG_DM
|
|
{ "savevm", "F", do_savevm,
|
|
"filename", "save the whole virtual machine state to 'filename'" },
|
|
@@ -1199,12 +1201,14 @@ static term_cmd_t term_cmds[] = {
|
|
{ "system_powerdown", "", do_system_powerdown,
|
|
"", "send system power down event" },
|
|
#endif /* !CONFIG_DM */
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
{ "sum", "ii", do_sum,
|
|
"addr size", "compute the checksum of a memory region" },
|
|
{ "usb_add", "s", do_usb_add,
|
|
"device", "add USB device (e.g. 'host:bus.addr' or 'host:vendor_id:product_id')" },
|
|
{ "usb_del", "s", do_usb_del,
|
|
"device", "remove USB device 'bus.addr'" },
|
|
+#endif
|
|
#ifndef CONFIG_DM
|
|
{ "cpu", "i", do_cpu_set,
|
|
"index", "set the default CPU" },
|
|
@@ -1213,6 +1217,7 @@ static term_cmd_t term_cmds[] = {
|
|
"dx dy [dz]", "send mouse move events" },
|
|
{ "mouse_button", "i", do_mouse_button,
|
|
"state", "change mouse button state (1=L, 2=M, 4=R)" },
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
#ifdef HAS_AUDIO
|
|
{ "wavcapture", "si?i?i?", do_wav_capture,
|
|
"path [frequency bits channels]",
|
|
@@ -1220,6 +1225,7 @@ static term_cmd_t term_cmds[] = {
|
|
#endif
|
|
{ "stopcapture", "i", do_stop_capture,
|
|
"capture index", "stop capture" },
|
|
+#endif
|
|
{ NULL, NULL, },
|
|
};
|
|
|
|
@@ -1258,6 +1264,7 @@ static term_cmd_t info_cmds[] = {
|
|
#endif /* !CONFIG_DM */
|
|
{ "usb", "", usb_info,
|
|
"", "show guest USB devices", },
|
|
+#ifdef CONFIG_TRUSTED_CLIENT
|
|
{ "usbhost", "", usb_host_info,
|
|
"", "show host USB devices", },
|
|
{ "profile", "", do_info_profile,
|
|
@@ -1268,6 +1275,7 @@ static term_cmd_t info_cmds[] = {
|
|
{ "hvmiopage", "", sp_info,
|
|
"", "show HVM device model shared page info", },
|
|
#endif /* CONFIG_DM */
|
|
+#endif
|
|
{ NULL, NULL, },
|
|
};
|
|
|