So the exploit is that root can modify the files used to relink the kernel? Root can modify any files… what’s the point?

Additionally, OpenBSD leaks the state of the pseudorandom number generator to predictable locations on disk and in system memory at a fixed point during every start up and shutdown procedure.

…so, yeah, anyway…