Hello I doubt if it is a good idea to touch aslr setting for testing environment, I think it is dependent of what do you need to test.
I am curious whether aslr can be disabled for package building environment without causing issues with built binary packages on production like vulnerabilities or stability issues. Maybe some people on openbsd-misc know the answer. Thank you in advance for replies, whiteman808 Dnia 18 września 2024 20:06:02 CEST, Luca Di Gregorio <luc...@gmail.com> napisał/a: >library_aslr=NO is already set in /etc/rc.conf.local, because I ran: ># rcctl disable library_aslr > >Just tried with moving /var/db/kernel.SHA256: ># mv /var/db/kernel.SHA256 /var/db/no_kernel.SHA256 > >At reboot, reordering libraries is skipped (due to library_aslr=NO) >and reorder_kernel: failed ( /var/db/kernel.SHA256 moved ) > >Thanks a lot! > >Il giorno mer 18 set 2024 alle ore 19:04 James Cook <falsif...@falsifian.org> >ha scritto: > >> On Tue, Sep 10, 2024 at 02:39:55PM +0200, Luca Di Gregorio wrote: >> >Hi, >> > >> >I'm running very little OpenBSD VMs for simple services and testing >> >environments. >> > >> >I really don't need security on these VMs, I already disabled library_aslr >> >(rcctl disable library_aslr) to avoid reordering libraries at boot, but, >> at >> >startup, I still see ld and ctfconv running and consuming a lot of CPU. >> > >> >As the VMs are little, ld and ctfconv takes a lot of time to finish. >> > >> >Is there a way to disable them as well? >> > >> >Luca >> >> I think you can set library_aslr=NO in /etc/rc.conf.local. See >> rc.conf(8). >> >> Mizsei's answer is about kernel relinking, which I think happens >> in the background after every boot. It might slow things down too. >> >> -- >> James >>
