Re-link (only the newest) libc.so, placing the objects in a random

order.
with shell script assistance from rpe

src/etc/rc

@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.474 2015/12/29 19:41:24 rpe Exp $
+#	$OpenBSD: rc,v 1.475 2016/04/26 14:56:14 deraadt Exp $
 
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -158,6 +158,35 @@ make_keys() {
 	ssh-keygen -A
 }
 
+rebuildlibs() {
+	local _l _liba _libas _tmpdir
+
+	# Only choose newest
+	for _liba in /usr/lib/libc.so.*.a; do
+		_liba=$(ls ${_liba%%.[0-9]*}*.a | sort -n | tail -1)
+		for _l in $_libas; do
+			[[ $_l == $_liba ]] && continue 2
+		done
+		_libas="$_libas $_liba"
+	done
+
+	for _liba in $_libas; do
+		_tmpdir=$(mktemp -dq /tmp/_librebuild.XXXXXXXXXXXX) || return
+		(
+			set -o errexit
+			_lib=${_liba#/usr/lib/}
+			_lib=${_lib%.a}
+			cd $_tmpdir
+			ar x ${_liba}
+			cc -shared -o $_lib $(ls *.so | sort -R) $(cat .ldadd)
+			[[ -s $_lib ]] && file $_lib | fgrep -q 'shared object'
+			LD_BIND_NOW=1 LD_LIBRARY_PATH=$_tmpdir awk 'BEGIN {exit 0}'
+			install -S -o root -g bin -m 0444 $_lib /usr/lib/$_lib
+		)
+		rm -rf /tmp/_librebuild.${_tmpdir#*.}
+	done
+}
+
 # Check filesystems, optionally by using a fsck(8) flag.
 # Usage: do_fsck [-flag]
 do_fsck() {
@@ -338,6 +367,8 @@ mount -s /var >/dev/null 2>&1
 
 random_seed
 
+rebuildlibs
+
 # Clean up left-over files.
 rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/*
 (cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })