untrusted comment: signature from openbsd 6.2 base secret key
RWRVWzAMgtyg7lMsPPbcYl2vMYNdpJMTmFEMCMuox1ur8Arc3LSJFV29d0b1qTg4xz4uFbs8UuvbQ8OeDhyNjeRvFdL/xX48JgA=

OpenBSD 6.2 errata 002, December 1st, 2017:

The fktrace(2) system call had insufficient security checks.
This patch disables fktrace(2).

Apply by doing:
    signify -Vep /etc/signify/openbsd-62-base.pub -x 002_fktrace.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install a new kernel:
    KK=`sysctl -n kern.osversion | cut -d# -f1`
    cd /usr/src/sys/arch/`machine`/compile/$KK
    make obj
    make config
    make
    make install

Index: sys/kern/kern_ktrace.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_ktrace.c,v
retrieving revision 1.92
diff -u -p -r1.92 kern_ktrace.c
--- sys/kern/kern_ktrace.c	12 Aug 2017 00:03:10 -0000	1.92
+++ sys/kern/kern_ktrace.c	29 Nov 2017 22:32:01 -0000
@@ -525,31 +525,7 @@ sys_ktrace(struct proc *p, void *v, regi
 int
 sys_fktrace(struct proc *p, void *v, register_t *retval)
 {
-	struct sys_fktrace_args /* {
-		syscallarg(int) fd;
-		syscallarg(int) ops;
-		syscallarg(int) facs;
-		syscallarg(pid_t) pid;
-	} */ *uap = v;
-	struct vnode *vp = NULL;
-	int fd = SCARG(uap, fd);
-	struct file *fp;
-	int error;
-
-	if (fd != -1) {
-		if ((error = getvnode(p, fd, &fp)) != 0)
-			return error;
-		vp = fp->f_data;
-		vref(vp);
-		FRELE(fp, p);
-	}
-
-	error = doktrace(vp, SCARG(uap, ops), SCARG(uap, facs),
-	    SCARG(uap, pid), p);
-	if (vp != NULL)
-		vrele(vp);
-	
-	return error;
+	return ENOSYS;
 }
 
 int