xenbits.xensource.com Git - qemu-xen-4.0-testing.git/commitdiff
author Ian Jackson <ian.jackson@eu.citrix.com>
Thu, 6 Sep 2012 16:05:30 +0000 (17:05 +0100)
committer Ian Jackson <Ian.Jackson@eu.citrix.com>
Thu, 6 Sep 2012 16:07:42 +0000 (17:07 +0100)

Disable qemu monitor by default.  The qemu monitor is an overly
powerful feature which must be protected from untrusted (guest)
administrators.

Neither xl nor xend expect qemu to produce this monitor unless it is
explicitly requested.

This is a security problem, XSA-19.  Previously it was CVE-2007-0998
in Red Hat but we haven't dealt with it in upstream.  We hope to have
a new CVE for it here but we don't have one yet.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
(cherry picked from commit bacc0d302445c75f18f4c826750fb5853b60e7ca)

vl.c

diff --git a/vl.c b/vl.c
index a49bf0896405673ced5a8db5e3a8cda0bfeb40db..c5b605f0037c876b582ace6bec7ebdb6f4d44666 100644 (file)
--- a/vl.c
+++ b/vl.c
@@ -4901,7 +4901,7 @@ int main(int argc, char **argv, char **envp)
     kernel_cmdline = "";
     cyls = heads = secs = 0;
     translation = BIOS_ATA_TRANSLATION_AUTO;
     kernel_cmdline = "";
     cyls = heads = secs = 0;
     translation = BIOS_ATA_TRANSLATION_AUTO;
-    monitor_device = "vc:80Cx24C";
+    monitor_device = "null";
 
     serial_devices[0] = "vc:80Cx24C";
     for(i = 1; i < MAX_SERIAL_PORTS; i++)
 
     serial_devices[0] = "vc:80Cx24C";
     for(i = 1; i < MAX_SERIAL_PORTS; i++)
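Review bot: The new default `monitor_device = "null";` has no comment explaining why it differs from the line just below, which still sets `serial_devices[0] = "vc:80Cx24C";`. Without one, a later cleanup could easily "restore consistency" and put the monitor back on a virtual console. I would add a short comment above the assignment saying that the monitor is off by default for security reasons (XSA-19) and is only created when explicitly requested. The option parsing is not visible in this hunk, so please also confirm that an explicit -monitor argument still overrides this default, since the commit message says xl and xend only expect a monitor when they ask for one.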