Shrinking Linux Attack Surfaces
Often, a kernel developer will try to reduce the size of an attack surface against #Linux, even if it can't be closed entirely. It's generally a toss-up whether such a patch makes it into the kernel...
https://www.linuxjournal.com/content/shrinking-linux-attack-surfaces …