== Low-Hanging Fruit == * Audit filesystem privilege checks * Audit permissions of all folders in the default install * Audit all syscalls & ioctls (_control) for privilege checks. * _area functions probably need a lot of thinking here * Run the userland as a non-privileged user * Fuzz all in-tree parsers * driver settings format * message * rdef == Moderate == * {{{W^X}}} (now [https://git.haiku-os.org/haiku/commit/?id=cb0977326dd79327ff3e342816e0dd118019b058 done] for kernelspace) * Don't allow opening files by inode (requires ABI break) * devfs filemodes * Spectre mitigations via GCC flags == Advanced == * [https://netbsd.org/gallery/presentations/maxv/kleak.pdf NetBSD/FreeBSD's KLEAK: Detecting Kernel Memory Disclosures] * [https://www.openbsd.org/papers/eurobsdcon2018-rop.pdf OpenBSD on mitigating ROP gadgets] * [https://twitter.com/tehjh/status/1046042401830309888?s=09 AT_BENEATH and other breakout mitigations for VFS]' * Meltdown?