Mitigations


Mitigations halt programs which start misbehaving

Adopted some designs from others.  We are known for PUSHING
mitigations into mainstream use:

- stack protector (always enabled)
- W^X (always enabled)
- ASLR and guard pages (always enabled)
- malloc with seatbelts (always enabled)
- priv-seperation & priv-drop (always enabled)
...

Each mitigation is a 'correctness enforcement' ... being pushed
into a bug-ridden ecosystem

Your phone is more secure because we pushed these technologies
into mainstream use.

In OpenBSD, once a mitigation is working well, it cannot be
disabled.  Application bugs must be fixed.