Posted Nov 1, 2007 13:57 UTC (Thu) by dwheeler (guest, #1216)
Parent article: Fixing CAP_SETPCAP
Unfortunately, the word "capabilities" in the security world has two not-very-similar
meanings: "POSIX capabilities" and "regular capabilities". The POSIX folks wanted to add some
of the features of a "capability" system, but by the time they were done, they ended up with
sets of bits that really were nothing like a real capability-based system. Capability-based
systems are uncommon today, but they exist; EROS is a good example.