=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- www/innovations.html 2017/06/26 17:18:57 1.49 +++ www/innovations.html 2017/07/03 22:01:03 1.50 @@ -463,6 +463,11 @@ protection against address space discovery attacks. Implemented first by Damien Miller (sshd(8) 2004), Claudio Jeker (bgpd(8), 2015), Eric Faurot (smtpd(8), 2016), Rafael Zalamena (various, 2016), and others. +
  • The .o files of the kernel are relinked in random order from a link-kit, + before every reboot. This provides substantial interior randomization in + the kernel's text and data segments for layout and relative branches/calls. + Basically a unique address space for each kernel boot, similar to the userland + fork+exec model described above but for the kernel. Theo de Raadt, June 2017.

    Functions
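Review bot: in the added list item, the sentence starting "Basically a unique address space for each kernel boot" has no verb, and the item describes the timing two ways ("before every reboot" in its first sentence, "each kernel boot" here). Suggest one full sentence with one timing phrase, for example "The result is a unique kernel address space on each boot, similar to the userland fork+exec model described above." The closing credit "Theo de Raadt, June 2017." also departs from the "Name (component, year)" form used in the context line just above it; matching that form would keep the list consistent.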