On 2020-05-25 11:35, ULF wrote: ... > My question is: > > considering that an opt out option has been already turned down, could at > least old architectures be benefited of a "delay" option e.g. like tune2fs > sets a fsck every n-th boot, could KARL, just for very old machines be > tuned, say, to be applied every 10/20 boots?
oh, please no. So you want my old machine to USUALLY boot in a minute or so...but once in a while, you want it to take many times that long with no real warning that "don't panic, this reboot will take many times the usual amount"? No...we got Linux machines that do that...very horribly unpleasant. It also disables the primary advantage of KARL -- If you find a way to tickle a bug in the OpenBSD kernel, PROBABLY the first result will be to crash the kernel (due to other safety things). You WANT it to come up on a different kernel NEXT TIME, not after a bunch more crashes while the attacker figures out how to turn a crash-bug into an exploit-bug.. If you really want to kill this security feature, don't pretend it's still there helping you...turn it off and know it's off. KARL is really easy to disable IF that's what you really want to do. You probably want to kill the library relinking, too (if your disks don't suck, I find the library re-linking more painful than the kernel relinking. If your disks suck (i.e., USB thumb drive), they are both painful). Also easy. I, toolike running old hw, but I'd rather OpenBSD be made as good as possible for modern stuff so people can do real work on it than to be crippled by trying to optimize for a bunch of us old hw collectors. We can disable KARL and library re-linking if we want to -- and that's how it should be, build for the productive masses, leave the edge cases to the nut-jobs like us. :) Nick.
