From eaa1bd612f50d2f253738ed19e14981e4ede98a5 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Thu, 6 Sep 2012 17:05:30 +0100 Subject: [PATCH] Disable qemu monitor by default. The qemu monitor is an overly powerful feature which must be protected from untrusted (guest) administrators. Neither xl nor xend expect qemu to produce this monitor unless it is explicitly requested. This is a security problem, XSA-19. Previously it was CVE-2007-0998 in Red Hat but we haven't dealt with it in upstream. We hope to have a new CVE for it here but we don't have one yet. Signed-off-by: Ian Jackson (cherry picked from commit bacc0d302445c75f18f4c826750fb5853b60e7ca) --- vl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vl.c b/vl.c index a49bf089..c5b605f0 100644 --- a/vl.c +++ b/vl.c @@ -4901,7 +4901,7 @@ int main(int argc, char **argv, char **envp) kernel_cmdline = ""; cyls = heads = secs = 0; translation = BIOS_ATA_TRANSLATION_AUTO; - monitor_device = "vc:80Cx24C"; + monitor_device = "null"; serial_devices[0] = "vc:80Cx24C"; for(i = 1; i < MAX_SERIAL_PORTS; i++) -- 2.39.5