Re: It doesn't matter that it doesn't relocate in RAM while running
The 'common interface point' is the syscall interface. This doesn't have to reveal anything about the underlying memory layout, any kernel addresses, etc. In fact, when it does, it's considered a security issue and fixed.
See my earlier posting giving an example of a kernel address leak via a syscall. This turned into https://nvd.nist.gov/vuln/detail/CVE-2017-14954
Syscalls on x86/64 are typically done via the 'syscall' instruction (or the classic way of using a software interrupt, e.g. int 0x80 on Linux and int 0x2e on Windows). This does not, in itself, reveal any information that would be useful for an attacker. Userland code just invokes the magic instruction, and some time later the execution resumes and typically a register has changed so that it now holds the return value/error code. That's it.
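As an added example that is not part of the original comment, the following C program invokes the x86-64 Linux 'syscall' instruction directly (with a libc fallback on other platforms) to show what actually crosses the boundary back to userland: the syscall number and arguments go in, and the only thing that comes back is the value left in rax, either a result or a negative errno. The helper names (raw_syscall3, raw_is_error, raw_getpid, raw_close_bad_fd) are assumptions made up for this example.

```c
/* Added example (not from the original comment): calling the Linux x86-64
 * syscall instruction by hand. The kernel receives a number and arguments in
 * registers and hands back a single value in rax; nothing about the kernel's
 * memory layout is part of that contract. */
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__) && defined(__linux__)
/* Raw three-argument syscall: number in rax, args in rdi/rsi/rdx.
 * The kernel clobbers rcx and r11; the result comes back in rax. */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;
}
#else
/* Fallback for other platforms: libc's syscall(2) wrapper, converted back to
 * the kernel's raw -errno convention so the rest of the example is identical. */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
    long ret = syscall(nr, a1, a2, a3);
    return ret == -1 ? -errno : ret;
}
#endif

/* The kernel signals failure by returning -errno in rax (glibc treats values
 * in -4095..-1 as errors); libc turns that into -1 plus errno. */
static int raw_is_error(long ret) { return ret < 0 && ret > -4096; }

long raw_getpid(void) { return raw_syscall3(SYS_getpid, 0, 0, 0); }

/* Ask the kernel to close a descriptor that is certainly not open (-1),
 * which should yield -EBADF rather than any kernel-side detail. */
long raw_close_bad_fd(void) { return raw_syscall3(SYS_close, -1, 0, 0); }

int main(void)
{
    long pid = raw_getpid();
    long bad = raw_close_bad_fd();
    printf("raw getpid: %ld (libc says %ld)\n", pid, (long)getpid());
    printf("close(-1): %ld -> %s\n", bad, raw_is_error(bad) ? "error (EBADF)" : "ok");
    return 0;
}
```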