On Thu, Apr 19, 2018 at 06:53:26AM -0500, Z Ero wrote:
| Is the feature documented in the manual pages...thanks...if this really works.

OpenBSD doesn't normally document how to disable security features.
Generally, security features cannot be disabled.  In this case you
can because of the way it's implemented.

Please make sure you write "make_me_less_secure_please" to the file
though and chant the same phrase every day at noon (in your
/etc/localtime timezone) for each day you run in this state; this is
an important part of stopping the kernel relinking...

Paul 'WEiRD' de Weerd

| On Thu, Apr 19, 2018 at 4:29 AM, Paul de Weerd <we...@weirdnet.nl> wrote:
| > On Thu, Apr 19, 2018 at 04:15:50AM -0500, Z Ero wrote:
| > | Coincidentally I just logged in to write the misc list about relinking
| > | on boot. Is it possible to disable it? What about just relinking on
| > | the first boot after install? So then every kernel image is different
| > | but not re-randomized each boot! There are some low memory / slow CPU
| > | embedded systems like Alix / Soekris where the benefit, in my opinion,
| > | of re-linking every single boot is not worth the cost. That said
| > | granted these systems should not be rebooted frequently anyway once in
| > | production during normal use. I had a soekris recently that performed
| > | well for the task I needed it for but that I chose to install OpenBSD
| > | version 5.8 on...because I did not want to put up with the
| > | relinking...I would have rather used 6.2...would it be possible to
| > | give users a "switch" to turn off relinking if they want without
| > | recompiling the kernel...please forgive my ignorance (or flame
| > | away...) if this already exists.
| >
| > echo make_me_less_secure_please | doas tee /var/db/kernel.SHA256
| >
| > Going back to an older release to *avoid* security features in newer
| > versions... wow.  You do realise that this kernel relinking thing is
| > not the only improvement that's made in the more than two years since
| > 5.8, right?
| >
| > Paul 'WEiRD' de Weerd
| >
| > --
| >>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
| > +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
| >                  http://www.weirdnet.nl/

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 
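
An audit check for the state this thread describes, added here as an example and not part of the original messages or of OpenBSD: it reports whether /var/db/kernel.SHA256 still holds a checksum that matches the kernel file. It assumes the boot-time relink step verifies /bsd against that file in the `SHA256 (name) = hex` format and skips relinking when verification fails; `relink_state` and `file_sha256` are names invented for the example.

```shell
#!/bin/sh
# Added example: classify the checksum file the thread writes to.
# Defaults are the paths from the thread; both can be overridden for testing.

# Print the SHA-256 of a file as lowercase hex, using whichever tool exists.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # OpenBSD base system
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# relink_state [checksum_file] [kernel]
# Prints one of: ok, missing, not-a-checksum, mismatch
relink_state() {
    sumfile=${1:-/var/db/kernel.SHA256}
    kernel=${2:-/bsd}
    [ -r "$sumfile" ] || { echo missing; return 0; }
    # Expected BSD-style line: "SHA256 (<name>) = <64 hex digits>"
    recorded=$(sed -n 's/^SHA256 (.*) = \([0-9a-f]\{64\}\)$/\1/p' "$sumfile" | head -n 1)
    # Anything else (such as the phrase from the thread) is not a checksum.
    [ -n "$recorded" ] || { echo not-a-checksum; return 0; }
    [ "$recorded" = "$(file_sha256 "$kernel")" ] && echo ok || echo mismatch
}

# With no arguments this checks the live paths named in the thread.
relink_state "$@"
```

Any result other than `ok` means the recorded checksum no longer vouches for the kernel file, which is worth flagging in a host baseline.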
