== Low-Hanging Fruit ==
* Audit filesystem privilege checks
* Audit permissions of all folders in the default install
* Audit all syscalls & ioctls (_control) for privilege checks.
** _area functions probably need a lot of thinking here
* Run the userland as a non-privileged user
* Fuzz all in-tree parsers
** driver settings format
** message
** rdef
* getentropy and arc4random (https://review.haiku-os.org/#/c/haiku/+/32/)
* secure memory allocation (non-swappable and erased on free, e.g. mmap + mlock, https://github.com/gpg/libgcrypt/blob/master/src/secmem.c)

== Moderate ==
* ~~{{{W^X}}}~~ (now [https://git.haiku-os.org/haiku/commit/?id=cb0977326dd79327ff3e342816e0dd118019b058 done] for kernelspace)
* Don't allow opening files by inode (requires ABI break)
* devfs filemodes
* Spectre mitigations via GCC flags

== Advanced ==
* [https://netbsd.org/gallery/presentations/maxv/kleak.pdf NetBSD/FreeBSD's KLEAK: Detecting Kernel Memory Disclosures]
* [https://www.openbsd.org/papers/eurobsdcon2018-rop.pdf OpenBSD on mitigating ROP gadgets]
* [https://twitter.com/tehjh/status/1046042401830309888?s=09 AT_BENEATH and other breakout mitigations for VFS]
* Meltdown?

== Already done ==
* SMEP/SMAP
* ASLR
* execute disable
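== Worked example: secure memory allocation ==
The "secure memory allocation" item under Low-Hanging Fruit describes the mechanism only in one line (mmap + mlock, erased on free). The following C program is an added example, not Haiku code and not libgcrypt's secmem.c: it shows the minimum such an allocator has to do, namely map anonymous pages, pin them so they cannot be swapped out, and overwrite them before unmapping so the secret never survives in freed memory. The {{{secmem_*}}} names are hypothetical; the code assumes a POSIX libc with {{{mmap}}}, {{{mlock}}} and {{{sysconf}}} (Linux or a BSD-style libc; Haiku exposes the same POSIX calls, but that has not been verified here). {{{mlock}}} can legitimately fail under a low {{{RLIMIT_MEMLOCK}}}, so the result is reported in a flag rather than hidden.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* expose MAP_ANONYMOUS on glibc when compiled in strict ISO mode */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical allocator handle (added example; not Haiku or libgcrypt code). */
typedef struct {
    void  *base;    /* page-aligned anonymous mapping, NULL when not allocated */
    size_t size;    /* bytes the caller asked for */
    size_t mapped;  /* bytes actually mapped (size rounded up to the page size) */
    int    locked;  /* 1 if mlock() succeeded, 0 if the pages may still be swapped */
} secmem_t;

/* Overwrite a buffer through a volatile pointer so the compiler cannot drop the
 * store as "dead" (a plain memset() before free is routinely optimised away). */
void secmem_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of the buffer is zero, else 0 (used to check a wipe). */
int secmem_is_zeroed(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];
    return acc == 0;
}

/* Map a private anonymous region of at least `size` bytes and pin it in RAM.
 * Returns 0 on success, -1 if the size is invalid or mmap() fails. */
int secmem_alloc(secmem_t *m, size_t size) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || size == 0)
        return -1;
    size_t mapped = (size + (size_t)page - 1) & ~((size_t)page - 1);
    void *p = mmap(NULL, mapped, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    m->base   = p;
    m->size   = size;
    m->mapped = mapped;
    /* Pinning can fail under RLIMIT_MEMLOCK; record it instead of pretending. */
    m->locked = (mlock(p, mapped) == 0);
    return 0;
}

/* Erase the whole mapping (not just the requested bytes), unpin and unmap it.
 * Returns munmap()'s result, or -1 if the handle holds no allocation. */
int secmem_free(secmem_t *m) {
    if (m->base == NULL)
        return -1;
    secmem_wipe(m->base, m->mapped);
    if (m->locked)
        munlock(m->base, m->mapped);
    int rc = munmap(m->base, m->mapped);
    m->base = NULL;
    m->size = m->mapped = 0;
    m->locked = 0;
    return rc;
}

int main(void) {
    secmem_t m;
    if (secmem_alloc(&m, 32) != 0) {
        perror("secmem_alloc");
        return 1;
    }
    printf("mapped %zu bytes for a %zu-byte request, locked=%d\n", m.mapped, m.size, m.locked);
    strcpy((char *)m.base, "constructed secret");  /* constructed sample value */
    return secmem_free(&m) == 0 ? 0 : 1;
}
```

Two design points matter for the to-do item above. First, the wipe covers the entire mapping rather than {{{size}}}, because the rounding slack is just as readable after a use-after-free as the requested bytes. Second, a real implementation such as libgcrypt's secmem.c additionally keeps a pool so that every small secret does not cost a full pinned page, and excludes the region from core dumps where the platform offers a way to do so; neither is shown here.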