== Already done ==
 * {{{W^X}}} for the kernel
 * SMEP/SMAP
 * ASLR & KASLR
 * NX bit

== Low-Hanging Fruit ==
 * Audit filesystem privilege checks
 * Audit permissions of all directories in the default install
 * Audit all syscalls & ioctls (the {{{*_control}}} hooks) for privilege checks
   * the {{{*_area}}} functions ({{{create_area}}}, {{{clone_area}}}, ...) probably need a lot of thinking here
 * Run the userland as a non-privileged user
 * Fuzz all in-tree parsers:
   * driver settings format
   * message
   * rdef
 * getentropy & arc4random (https://review.haiku-os.org/#/c/haiku/+/32/)
 * secure memory allocation (non-swappable and erased on free, e.g. mmap + mlock, as in libgcrypt's https://github.com/gpg/libgcrypt/blob/master/src/secmem.c)

== Moderate ==
 * Don't allow opening files by inode (requires ABI break)
   * maybe recursively checking permissions by recreating the path would do? (we don't support hardlinks on BFS anyway)
 * devfs file modes
 * Spectre mitigations via GCC flags (e.g. the retpoline options {{{-mindirect-branch=thunk}}} / {{{-mfunction-return=thunk}}} in GCC 8+)

== Advanced ==
 * [https://netbsd.org/gallery/presentations/maxv/kleak.pdf NetBSD/FreeBSD's KLEAK: Detecting Kernel Memory Disclosures]
 * [https://www.openbsd.org/papers/eurobsdcon2018-rop.pdf OpenBSD on mitigating ROP gadgets]
 * [https://twitter.com/tehjh/status/1046042401830309888?s=09 AT_BENEATH and other breakout mitigations for VFS]
 * Meltdown mitigation (kernel page-table isolation)?

== Far Out ==
 * Capability-based permissions (Android-style, disableable & re-enableable), probably added to executable resources (+ package flags for letting the user agree on install?)
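The "secure memory allocation" and "getentropy" items above, as an added example that is not Haiku's or libgcrypt's code: a minimal allocator that maps a private anonymous region, pins it with mlock so it never reaches swap, wipes it with stores the compiler cannot elide before unmapping, and fills it from getentropy(). It assumes a POSIX mmap/mlock and a getentropy() declared in <unistd.h> (glibc 2.25+, or Haiku once the linked change is in); MADV_DONTDUMP is Linux-only and guarded. libgcrypt's real secmem.c additionally keeps a pool with guard pages and drops privileges after locking; this example does one mapping per allocation to keep the mechanism visible.

```c
/* Added example (not Haiku code): mmap + mlock secure memory, wiped on free,
 * filled with getentropy(). Assumes POSIX mmap/mlock and getentropy() in
 * <unistd.h>; MADV_DONTDUMP is Linux-specific and optional. */
#define _DEFAULT_SOURCE
#define _GNU_SOURCE
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/mman.h>

/* Overwrite a buffer through a volatile pointer so a "dead store" pass
 * cannot remove the wipe the way it can remove a plain memset(). */
void secmem_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n-- > 0)
        *v++ = 0;
}

/* Return 1 if every byte of p[0..n) is zero, else 0 (used to verify wipes). */
int secmem_is_zero(const void *p, size_t n)
{
    const unsigned char *b = p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];
    return acc == 0;
}

/* Map a private anonymous region, pin it so it never reaches swap, and keep
 * it out of core dumps where the platform supports that. A buffer that cannot
 * be locked (e.g. RLIMIT_MEMLOCK exceeded) is not "secure", so it is released
 * rather than handed out unlocked; returns NULL with errno set. */
void *secmem_alloc(size_t n)
{
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if (mlock(p, n) != 0) {
        int saved = errno;
        munmap(p, n);
        errno = saved;
        return NULL;
    }
#ifdef MADV_DONTDUMP
    (void)madvise(p, n, MADV_DONTDUMP);   /* Linux-only; best effort */
#endif
    return p;
}

/* Wipe, unpin and unmap. Returns 0 on success, -1 on error. */
int secmem_free(void *p, size_t n)
{
    if (p == NULL)
        return 0;
    secmem_wipe(p, n);
    int rc = munlock(p, n);
    if (munmap(p, n) != 0)
        rc = -1;
    return rc;
}

/* Fill a buffer with fresh entropy. getentropy() caps a single request at
 * 256 bytes, so larger buffers are filled in chunks. Returns 0 or -1. */
int secmem_fill_random(void *p, size_t n)
{
    unsigned char *b = p;
    while (n > 0) {
        size_t chunk = n > 256 ? 256 : n;
        if (getentropy(b, chunk) != 0)
            return -1;
        b += chunk;
        n -= chunk;
    }
    return 0;
}

/* Demonstration: generate a 32-byte key in locked memory and release it.
 * Returns 0 on success, -1 (errno set) if locking or entropy fails. */
int secmem_demo(void)
{
    size_t key_len = 32;
    unsigned char *key = secmem_alloc(key_len);
    if (key == NULL)
        return -1;
    if (secmem_fill_random(key, key_len) != 0) {
        secmem_free(key, key_len);
        return -1;
    }
    int fresh = !secmem_is_zero(key, key_len);  /* 32 zero bytes: ~2^-256 */
    return (secmem_free(key, key_len) == 0 && fresh) ? 0 : -1;
}

int main(void)
{
    int rc = secmem_demo();
    printf("secmem demo: %s\n", rc == 0 ? "ok" : strerror(errno));
    return rc == 0 ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind: mlock only keeps the pages out of swap, it does not stop a core dump or a hibernation image from capturing them (hence the MADV_DONTDUMP hint), and a wipe is only as good as the last copy, so key material must never be passed through stack temporaries or std::string-style buffers that get copied and freed elsewhere.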