On 11/15/18 3:26 PM, jean-yves boisiaud wrote:
> Or, is there a simple way to use root FS RO with OpenBSD 6.4 and above?

I thought library reordering and KARL had been with us longer, but anyway, it's possible to turn off the library reordering with library_aslr=NO in your rc.conf.local.

I haven't tried myself, but a bit of /etc/rc reading (and references therein, heh) leads me to believe that if you put something other than a valid hash of your kernel binary in /var/db/kernel.SHA256 kernel relinking will not happen either.

There is no knob that I can see to disable the rw mount of /, other than of course doing the surgery on /etc/rc (which you then get to maintain as a local change from now on).

If that's what you need and you consider it worth the trouble, that's approximately what you need to do.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.