Mitigations


Mitigations limit/catch programs which start misbehaving

Adopted designs from others.  We are known for PUSHING them
into mainstream use

- stack protector (always enabled)
- W^X (always enabled)
- ASLR and gaurd pages (always enabled)
- malloc with seatbelts (always enabled)
- priv-seperation & priv-drop (always enabled)

Rather small concepts being pushed ... into a bug-ridden ecosystem

Once working, these "features" cannot be disabled.  Application
bugs must be fixed