I read "Hacking Blind." Can you restart a daemon with another forked
process whose only job is to monitor a pipe or a waitpid()-like operation,
and if the parent dies, it execs to restart it, or even execs "rcctl
restart ntpd"?

If the mitigations are successful at limiting execution to, let's say,
overwriting a canary that gets completely rerandomized with a fork-exec
instead of just a fork, it would reduce a meaningful search for the correct
canary to blind luck instead of byte-by-byte discovery.

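A supervisor of the kind described above, as an added example that is not from the original post: it fork+execs the daemon, blocks in waitpid(), and re-execs it when it dies, so every instance gets a freshly randomized canary and address layout rather than inheriting the parent's. The restart cap is a hypothetical choice; a daemon that keeps dying is itself the signal worth alerting on.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Start argv[0] as a brand-new process image (fork followed by exec).
 * A plain fork would copy the parent's canary and layout into the child;
 * the exec is what gives the new instance fresh randomization. */
static pid_t spawn(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);          /* exec failed: exit without touching parent state */
    }
    return pid;
}

/* Supervise argv: wait for it, log how it died, and re-exec it, at most
 * max_restarts times. Returns the number of restarts performed, or -1 on
 * error. The cap is a hypothetical policy; in practice you would also
 * rate-limit and alert, since a crash loop is what a blind probe looks like. */
int supervise(char *const argv[], int max_restarts) {
    int restarts = 0;
    pid_t pid = spawn(argv);
    if (pid < 0)
        return -1;
    for (;;) {
        int status;
        while (waitpid(pid, &status, 0) < 0) {
            if (errno != EINTR)
                return -1;
        }
        if (WIFEXITED(status))
            fprintf(stderr, "child %ld exited with status %d\n",
                    (long)pid, WEXITSTATUS(status));
        else if (WIFSIGNALED(status))
            fprintf(stderr, "child %ld killed by signal %d\n",
                    (long)pid, WTERMSIG(status));   /* e.g. SIGSEGV/SIGABRT */
        if (restarts >= max_restarts)
            return restarts;
        restarts++;
        pid = spawn(argv);   /* new image: new canary, new layout */
        if (pid < 0)
            return -1;
    }
}
```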