Contributed by rueda on 2017-06-13 from the Charlemagne dept.

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) has announced a new randomization feature for kernel protection:

Over the last three weeks I've been working on a new randomization feature which will protect the kernel. [...] Recently I moved all our kernels to a new mapping model, with patrick and visa taking care of two platforms. [...] As a result, every new kernel is unique. The relative offsets between functions and data are unique. [...] However, snapshots of -current contain a further change, which I worked on with Robert Peichaer (rpe@): That change is scaffolding to ensure you boot a newly-linked kernel upon every reboot. [...]

Read the full message for the juicy details.