Did you see my reply...I had the epiphany that no incantation is necessary. I have seen the light.

On Thu, Apr 19, 2018 at 6:58 AM, Paul de Weerd <we...@weirdnet.nl> wrote:
> On Thu, Apr 19, 2018 at 06:53:26AM -0500, Z Ero wrote:
> | Is the feature documented in the manual pages...thanks...if this really works.
>
> OpenBSD doesn't normally document how to disable security features.
> Generally, security features cannot be disabled. In this case you
> can because of the way it's implemented.
>
> Please make sure you write "make_me_less_secure_please" to the file
> though and chant the same phrase every day at noon (in your
> /etc/localtime timezone) for each day you run in this state; this is
> an important part of stopping the kernel relinking...
>
> Paul 'WEiRD' de Weerd
>
> | On Thu, Apr 19, 2018 at 4:29 AM, Paul de Weerd <we...@weirdnet.nl> wrote:
> | > On Thu, Apr 19, 2018 at 04:15:50AM -0500, Z Ero wrote:
> | > | Coincidently I just logged in to write the misc list about relinking
> | > | on boot. Is it possible to disable it? What about just relinking on
> | > | the first boot after install? So then every kernel image is different
> | > | but not re-randomized each boot! There are some low memory / slow CPU
> | > | embedded systems like Alix / Soekris where the benefit, in my opinion,
> | > | of re-linking every single boot is not worth the cost. That said
> | > | granted these systems should not be rebooted frequently anyway once in
> | > | production during normal use. I had a soekris recently that performed
> | > | well for the task I needed it for but that I chose to install OpenBSD
> | > | version 5.8 on...because I did not want to put up with the
> | > | relinking...I would have rather used 6.2...would it be possible to
> | > | give users a "switch" to turn off relinking if they want without
> | > | recompiling the kernel...please forgive my ignorance (or flame
> | > | away...) if this already exists.
> | >
> | > echo make_me_less_secure_please | doas tee /var/db/kernel.SHA256
> | >
> | > Going back to an older release to *avoid* security features in newer
> | > versions... wow. You do realise that this kernel relinking thing is
> | > not the only improvement that's made in the more than two years since
> | > 5.8, right?
> | >
> | > Paul 'WEiRD' de Weerd
> | >
> | > --
> | >>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
> | > +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
> | > http://www.weirdnet.nl/
>
> --
>>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
> +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
> http://www.weirdnet.nl/
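
A defender-side check for the state discussed in this thread, as an added example that is not part of the original messages: it reports whether `/var/db/kernel.SHA256` still holds a checksum that matches the kernel, so hosts where relinking has been switched off can be found in an audit. The function names are hypothetical, and it assumes the file normally contains the BSD-style line `SHA256 (/bsd) = <hex>` that `sha256 -h` writes.

```shell
#!/bin/sh
# Added example (not from the thread): audit the kernel checksum file.
# Assumption: an untouched file holds "SHA256 (/bsd) = <64 hex digits>".

# Print the SHA-256 of a file as lowercase hex, using whichever tool exists.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                    # OpenBSD
    else
        sha256sum "$1" | cut -d' ' -f1    # other systems, e.g. an audit host
    fi
}

# karl_state KERNEL HASHFILE
# Prints one of:
#   intact     recorded checksum matches the kernel
#   mismatch   well-formed checksum, but for a different kernel image
#   malformed  file does not contain a checksum line (e.g. arbitrary text)
#   missing    kernel or checksum file is not readable
karl_state() {
    kernel=$1
    hashfile=$2
    [ -r "$kernel" ] && [ -r "$hashfile" ] || { echo missing; return 0; }

    # Extract the hex digest from the first BSD-style checksum line, if any.
    recorded=$(sed -n 's/^SHA256 (.*) = \([0-9a-fA-F]\{64\}\)$/\1/p' "$hashfile" \
        | head -n 1 | tr 'A-F' 'a-f')
    [ -n "$recorded" ] || { echo malformed; return 0; }

    if [ "$recorded" = "$(file_sha256 "$kernel")" ]; then
        echo intact
    else
        echo mismatch
    fi
}

# Usage on an OpenBSD host:
#   karl_state /bsd /var/db/kernel.SHA256
```

Anything other than `intact` means the recorded checksum no longer verifies against the running kernel image and the host deserves a closer look.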