  • W^X for the kernel
  • NX bit

Low-Hanging Fruit

  • Audit filesystem privilege checks
  • Audit permissions of all folders in the default install
  • Audit all syscalls & ioctls (_control) for privilege checks.
    • _area functions probably need a lot of thinking here
  • Run the userland as a non-privileged user
  • Fuzz all in-tree parsers
    • driver settings format
    • message
    • rdef
  • Don't allow opening files by inode (requires ABI break)
    • maybe recursively checking permissions by reconstructing the path would do? (BFS doesn't support hardlinks anyway, so the path is unique)
  • devfs filemodes
  • Spectre mitigations via GCC flags
Far Out

  • Capability-based permissions (Android-style, disableable & re-enableable), probably added to executable resources (+ package flags for letting the user agree on install?)
