Fortuna
Posted Sep 19, 2013 20:56 UTC (Thu) by cesarb (subscriber, #6266) In reply to: Fortuna by kleptog
Parent article: The search for truly random numbers in the kernel
Both /dev/random and /dev/urandom are secure pseudo-random number generators, and both are seeded with external entropy in the same way. The only difference between the two is that /dev/random blocks if the entropy estimate is too low, while /dev/urandom does not.
You could use Fortuna for /dev/random too, you would just need to add some sort of entropy estimator, to keep compatibility with userspace which expects it to block arbitrarily. Since most users (even cryptographic libraries) seem to use /dev/urandom, any problems with this entropy estimator would not affect them.
And for users of /dev/random, you would gain the advantage that the quality of the random numbers would not be affected by bugs in the entropy estimator.
Yes, an overestimation would mean that more numbers would be generated from the same amount of entropy. But Fortuna (and Yarrow) is designed so that, as long as the generator has more than a minimum amount of good quality entropy to start with (256 bits IIRC), and the state is not compromised, the output is secure even without reseeding (if the state can be compromised from the output, AES is broken and you have bigger problems). After the initial seeding, the reseeding is there only to recover if the generator state is compromised; see the presentation for more details.
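The generator-plus-accumulator structure cesarb describes, as an added example written for this thread (it is neither kernel code nor the Fortuna authors' reference implementation). The building blocks follow the published Fortuna design: an AES-256 counter-mode generator that rekeys itself after every request, a SHA-256 reseed, 32 pools with a 64-byte pool-0 threshold, and the rule that reseed number r folds in pool i only when 2^i divides r. The entropy events fed in below are constructed and carry no real entropy.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	numPools    = 32
	minPoolSize = 64      // bytes pool 0 must hold before a reseed is allowed
	maxRequest  = 1 << 20 // Fortuna caps a single request at 2^20 bytes
	maxEvent    = 32      // Fortuna limits one event to 32 bytes
)

// Generator is the Fortuna generator: a 256-bit AES key and a 128-bit counter.
type Generator struct {
	key     [32]byte
	counter [16]byte
	seeded  bool
}

func (g *Generator) incCounter() {
	for i := range g.counter { // little-endian 128-bit increment
		g.counter[i]++
		if g.counter[i] != 0 {
			return
		}
	}
}

// Reseed mixes seed material into the key: K <- SHA-256(K || seed).
func (g *Generator) Reseed(seed []byte) {
	h := sha256.New()
	h.Write(g.key[:])
	h.Write(seed)
	copy(g.key[:], h.Sum(nil))
	g.incCounter()
	g.seeded = true
}

// generateBlocks returns k AES blocks under the current key, advancing the counter.
func (g *Generator) generateBlocks(k int) ([]byte, error) {
	if !g.seeded {
		return nil, errors.New("fortuna: generator has not been seeded")
	}
	block, err := aes.NewCipher(g.key[:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, k*aes.BlockSize)
	var buf [aes.BlockSize]byte
	for i := 0; i < k; i++ {
		block.Encrypt(buf[:], g.counter[:])
		out = append(out, buf[:]...)
		g.incCounter()
	}
	return out, nil
}

// Generate returns n bytes and then replaces the key with two more blocks of
// output, so a later compromise of the state does not reveal bytes already
// handed out. This is why reseeding only matters for recovery from compromise.
func (g *Generator) Generate(n int) ([]byte, error) {
	if n < 0 || n > maxRequest {
		return nil, errors.New("fortuna: request size out of range")
	}
	out, err := g.generateBlocks((n + aes.BlockSize - 1) / aes.BlockSize)
	if err != nil {
		return nil, err
	}
	newKey, err := g.generateBlocks(2)
	if err != nil {
		return nil, err
	}
	copy(g.key[:], newKey)
	return out[:n], nil
}

// Accumulator spreads events over 32 pools so that no entropy estimate is
// needed: reseed number r uses pool i if and only if 2^i divides r.
type Accumulator struct {
	Gen         Generator
	pools       [numPools][]byte
	reseedCount uint64
}

// AddEvent appends one event to a pool, tagged with its source and length so
// that a malicious source cannot forge event boundaries. Events are capped at
// maxEvent bytes, as the Fortuna design requires.
func (a *Accumulator) AddEvent(source byte, pool int, data []byte) {
	if len(data) > maxEvent {
		data = data[:maxEvent]
	}
	p := &a.pools[pool%numPools]
	*p = append(*p, source, byte(len(data)))
	*p = append(*p, data...)
}

// PoolLen reports how many bytes a pool currently holds.
func (a *Accumulator) PoolLen(pool int) int { return len(a.pools[pool%numPools]) }

// MaybeReseed reseeds the generator once pool 0 is large enough and reports
// whether it did so.
func (a *Accumulator) MaybeReseed() bool {
	if len(a.pools[0]) < minPoolSize {
		return false
	}
	a.reseedCount++
	h := sha256.New()
	for i := 0; i < numPools; i++ {
		if a.reseedCount%(1<<uint(i)) != 0 {
			break // if 2^i does not divide r, no higher pool does either
		}
		sum := sha256.Sum256(a.pools[i])
		h.Write(sum[:])
		a.pools[i] = a.pools[i][:0]
	}
	a.Gen.Reseed(h.Sum(nil))
	return true
}

func main() {
	var acc Accumulator
	for i := 0; i < 40; i++ { // constructed "timer" events, not real entropy
		acc.AddEvent(1, i%2, []byte{byte(i), 0x55, 0xaa, byte(i * 7)})
	}
	fmt.Println("reseeded:", acc.MaybeReseed())
	out, err := acc.Gen.Generate(32)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%x\n", out)
}
```

The accumulator never asks how much entropy an event carried; it only counts bytes in pool 0 to rate-limit reseeds, and the higher pools guarantee that an attacker who can observe or influence some events still cannot keep the generator from eventually absorbing a reseed they cannot predict.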
Posted Sep 24, 2013 21:29 UTC (Tue) by joern (guest, #22392)
One of the two might have a more pleasing design. But as long as both get the job done equally well, why would you want to do a replacement? You can easily introduce subtle bugs and, without a strong upside, I would like to avoid that possibility.