== Low-Hanging Fruit ==

 * Audit all syscalls & ioctls (_control) for privilege checks.
   * _area functions probably need a lot of thinking here
 * Run the userland as a non-privileged user
 * Don't allow opening files by inode (requires ABI break)
 * Fuzz all in-tree parsers
   * driver settings format
   * message
   * rdef
  

== Moderate ==

 * {{{W^X}}}

== Advanced ==

 * [https://www.openbsd.org/papers/eurobsdcon2018-rop.pdf OpenBSD on mitigating ROP gadgets]
 * [https://twitter.com/tehjh/status/1046042401830309888?s=09 AT_BENEATH and other breakout mitigations for VFS]