by aomix
3183 days ago
Even following the OpenBSD mailing lists I didn't realize all the anti-ROP features they put into this release. The big idea is that popular attack surfaces are randomly relinked at boot/upgrade/run time. Now the kernel, libc, libcrypto, and ld are unique to each machine. So instead of a single information leak giving away the whole game, it gives away basically nothing. An attacker would need to chain many, many information leaks together to get anything useful, so the bar is raised quite a bit.