You are speaking about ``library_aslr`` which is documented by ``man rc.conf``. But it is not the same thing as kernel reordering: it reorders libs, so they'll be loaded at different memory address next time. And kernel relink does same for kernel itself (relinks kernel from its objects in random manner).
We can disable library_aslr, but there is no same option for kernel.. On Thu, Apr 19, 2018 at 9:58 PM, sven falempin <sven.falem...@gmail.com> wrote: > On Thu, Apr 19, 2018 at 1:01 PM, IL Ka <kazakevichi...@gmail.com> wrote: > > > Upgrade may affect kernel, so you need to reorder it at least once after > > upgrade! > > > > I am not sure which policy do OpenBSD use, but generally if something is > > not documented it is subject to be changed in minor upgrade. > > > > The only reference to this script is ``/etc/rc`` (line 620) without of > any > > variable, and since "reorder_kernel" is > > not documented it would be absolutelly legal to rename it and update > > /etc/rc accordingly. > > > > So, this little hack may be broken after upgrade anyway. > > > > I wish there were ``man reorder_kernel(8)`` and ``reorder_kernel=NO`` > > documented in ``rc.conf(8)`` > > But if I understood everything correct, developers say we should not > > disable this script, > > that is why they do not document it nor create an option in rc.conf. > > > > > > On Thu, Apr 19, 2018 at 7:42 PM, <ed...@pettijohn-web.com> wrote: > > > > > One step further would be to put that in your rc.local so it survives > an > > > upgrade. > > > On Apr 19, 2018 9:44 AM, IL Ka <kazakevichi...@gmail.com> wrote: > > > > > > > > Ancient UNIX way to disable anything: ``doas chmod -x > > > > /usr/libexec/reorder_kernel`` ;) > > > > > > > > Although ``reorder_kernel`` is very simple ksh script, I agree it > > should > > > be > > > > documented. > > > > > > > > > > > grep aslr /etc/rc.conf >> /etc/rc.conf.local > > When you reboot often on crap drive, or if you are not exposed (test > device), relinking is waste of time > IF you are online , keep it . > > Just comment in rc -_- for kernel > > -- > -- > ------------------------------------------------------------ > --------------------------------------------------------- > Knowing is not enough; we must apply. Willing is not enough; we must do >
