The kdbuswreck

You should not confuse POSIX.1e capabilities, as implemented by Linux, with the capabilities described in security research literature for many years, which are quite precisely defined (and I really wonder why the POSIX committee used that term).

Linux also has *those* capabilities (in a very limited form), they are just called "file descriptors".

The closest you're going to get to a capability-based security model with a traditional UNIX-like kernel is Capsicum.

http://lwn.net/Articles/482858/

(Insert standard rant about kids these days thinking that "operating system" is a synonym for UNIX)