On Fri, Jan 20, 2023 at 01:15:29PM -0700, Theo de Raadt wrote:
> Todd C. Miller <todd.mil...@millert.dev> wrote:
> > I wonder if it makes sense to have a version of sysctl.conf that
> > only gets used for the next reboot and then is removed, kind of
> > like /etc/rc.firsttime. Maybe call it /etc/sysctl.once.
>
> Well you are shown the change at boot, and it is visible in dmesg -s,
> which should be good enough.
Otherwise, something like this might be useful for test machines:
Index: wsemul_vt100.c
===================================================================
RCS file: /cvs/src/sys/dev/wscons/wsemul_vt100.c,v
retrieving revision 1.42
diff -u -p -r1.42 wsemul_vt100.c
--- wsemul_vt100.c 12 Jan 2023 20:39:37 -0000 1.42
+++ wsemul_vt100.c 20 Jan 2023 21:00:08 -0000
@@ -170,6 +170,12 @@ wsemul_vt100_cnattach(const struct wsscr
#ifndef WS_KERNEL_BG
#define WS_KERNEL_BG WSCOL_BLUE
#endif
+#ifndef WS_INSEC_BG
+#define WS_INSEC_BG WSCOL_RED
+#endif
+#ifndef WS_INSEC_FG
+#define WS_INSEC_FG WSCOL_WHITE
+#endif
#ifndef WS_KERNEL_COLATTR
#define WS_KERNEL_COLATTR 0
#endif
@@ -186,6 +192,16 @@ wsemul_vt100_cnattach(const struct wsscr
if (res)
edp->kernattr = defattr;
+ if (type->capabilities & WSSCREEN_WSCOLORS)
+ res = (*edp->emulops->pack_attr)(cookie,
+ WS_INSEC_FG, WS_INSEC_BG,
+ WS_KERNEL_COLATTR | WSATTR_WSCOLORS, &edp->insecattr);
+ else
+ res = (*edp->emulops->pack_attr)(cookie, 0, 0,
+ WS_KERNEL_MONOATTR, &edp->insecattr);
+ if (res)
+ edp->insecattr = defattr;
+
edp->tabs = NULL;
#ifdef HAVE_DOUBLE_WIDTH_HEIGHT
edp->dblwid = NULL;
@@ -387,15 +403,15 @@ wsemul_vt100_output_normal(struct wsemul
return rc;
}
}
-
+#define KERN_ATTR (securelevel < 1 ? edp->insecattr : edp->kernattr)
#ifdef HAVE_DOUBLE_WIDTH_HEIGHT
WSEMULOP(rc, edp, &edp->abortstate, putchar,
(edp->emulcookie, edp->crow, edp->ccol << edp->dw, dc,
- kernel ? edp->kernattr : edp->curattr));
+ kernel ? KERN_ATTR : edp->curattr));
#else
WSEMULOP(rc, edp, &edp->abortstate, putchar,
(edp->emulcookie, edp->crow, edp->ccol, dc,
- kernel ? edp->kernattr : edp->curattr));
+ kernel ? KERN_ATTR : edp->curattr));
#endif
if (rc != 0) {
/* undo potential sschartab update */
Index: wsemul_vt100var.h
===================================================================
RCS file: /cvs/src/sys/dev/wscons/wsemul_vt100var.h,v
retrieving revision 1.12
diff -u -p -r1.12 wsemul_vt100var.h
--- wsemul_vt100var.h 12 Jan 2023 20:39:37 -0000 1.12
+++ wsemul_vt100var.h 20 Jan 2023 21:00:08 -0000
@@ -38,6 +38,7 @@ struct wsemul_vt100_emuldata {
uint32_t defattr; /* default attribute */
uint32_t kernattr; /* attribute for kernel output */
+ uint32_t insecattr; /* ^^^ for securelevel < 1 ^^^ */
void *cbcookie;
#ifdef DIAGNOSTIC
int console;
