From 7a94871bc760f0b16923007a99ac36f635c0b4c0 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Sat, 3 Jun 2017 22:33:36 +0000
Subject: [PATCH] Immediately after mounting / read-write, chmod og-rwx the
 kernel.  Remote prying eyes were already been hindered at determining kernel
 addresses, now local prying eyes are also hindered. ok tb rpe

---
 etc/rc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/rc b/etc/rc
index e2ade104ec1..cc8a200b1bc 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.498 2017/05/30 12:04:26 tb Exp $
+#	$OpenBSD: rc,v 1.499 2017/06/03 22:33:36 deraadt Exp $
 
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -342,6 +342,7 @@ mount -a -t nonfs,vnd
 # Re-mount the root filesystem read/writeable. (root on nfs requires this,
 # others aren't hurt.)
 mount -uw /
+chmod og-rwx /bsd
 
 rm -f /fastboot
 
-- 
2.20.1