hvm: Remove access to QEMU monitor in VNC server

This fixes a RHEL5 errata and CVE-2007-0998.

The monitor is still accessible in debug builds of ioemu (debug=y).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/tools/ioemu/Makefile.target b/tools/ioemu/Makefile.target
index 4872128d20da4288f9514a50978d10d1ca02bae8..becb331238c41a36e69e406c3abd0ec909a65e3f 100644 (file)
--- a/tools/ioemu/Makefile.target
+++ b/tools/ioemu/Makefile.target
@@ -193,6 +193,10 @@ ifdef CONFIG_SOLARIS
 LIBS+=-lsocket -lnsl -lresolv
 endif
 
+ifeq ($(debug),y)
+CFLAGS += -DQEMU_VNC_MONITOR_EXPORT
+endif
+
 # profiling code
 ifdef TARGET_GPROF
 LDFLAGS+=-p

diff --git a/tools/ioemu/vnc.c b/tools/ioemu/vnc.c
index d06b47a220fce74097ef4cc5e6485945d704fdc3..ac3b43351cd581dcfc87fe7687f6908ba6e20af4 100644 (file)
--- a/tools/ioemu/vnc.c
+++ b/tools/ioemu/vnc.c
@@ -113,8 +113,10 @@ struct VncState
     int visible_w;
     int visible_h;
 
+#ifdef QEMU_VNC_MONITOR_EXPORT
     int ctl_keys;               /* Ctrl+Alt starts calibration */
     int shift_keys;             /* Shift / CapsLock keys */
+#endif
     int numlock;
 };
 
@@ -895,6 +897,7 @@ static void do_key_event(VncState *vs, int down, uint32_t sym)
            kbd_put_keycode(keycode & 0x7f);
        else
            kbd_put_keycode(keycode | 0x80);
+#ifdef QEMU_VNC_MONITOR_EXPORT
     } else if (down) {
        int qemu_keysym = 0;
 
@@ -922,8 +925,10 @@ static void do_key_event(VncState *vs, int down, uint32_t sym)
        }
        if (qemu_keysym != 0)
            kbd_put_keysym(qemu_keysym);
+#endif
     }
 
+#ifdef QEMU_VNC_MONITOR_EXPORT
     if (down) {
        switch (sym) {
        case XK_Control_L:
@@ -976,6 +981,10 @@ static void do_key_event(VncState *vs, int down, uint32_t sym)
            break;
        }
     }
+#else
+    if (!down && sym == XK_Num_Lock)
+        vs->numlock = !vs->numlock;
+#endif
 }
 
 static void key_event(VncState *vs, int down, uint32_t sym)