Removing syscall() from OpenBSD

For a view into the OpenBSD approach to security, see this message from
Theo de Raadt, where he describes a plan to remove the syscall() system call
(which allows the invocation of any available system call by providing its
number) from the kernel. The purpose, of course, is to make it harder for
an attacker to invoke an arbitrary system call, even if they are able to
run some code on the target system.

I hope I am forcing attack coders into using increasingly more
complicated methods. Same time, it means fewer methods are
available. Other methods make exploitation more fragile. This is
pushing success rates into 'low-percent statistical' success. If
we teach more software stacks to 'fail hard, don't try to
recover', that is an improvement in security.