Low-Hanging Fruit

• Audit all syscalls & ioctls (_control) for privilege checks.
  • _area functions probably need a lot of thinking here
• Run the userland as a non-privileged user
• Don't allow opening files by inode (requires ABI break)
• Fuzz all in-tree parsers
  • driver settings format
  • message
  • rdef

Moderate

• W^X

Advanced

• ​OpenBSD on mitigating ROP gadgets
• ​AT_BENEATH and other breakout mitigations for VFS