I wonder what horrors you can subject the user to with only modifying the kernel. Nothing to kill the machine, but some sort of trickery involving messing with argv or randomly messing with process memory and silently prevent the resulting mess from being sent a SIGSEGV.