Capability-based security

Capability-based security is to be contrasted with an approach that uses traditional UNIX permissions and access control lists.

Although most operating systems implement a facility that resembles capabilities, they typically do not provide enough support to allow the exchange of capabilities among possibly mutually untrusting entities to be the primary means of granting and distributing access rights throughout the system.

Capabilities achieve their objective of improving system security by being used in place of forgeable references.

With a forgeable reference, by contrast, any attempt to access the referenced object must be validated by the operating system, based on the ambient authority of the requesting program, typically via the use of an access-control list (ACL).

The capability logically consists of a reference that uniquely identifies a particular object and a set of one or more access rights to that object.

Suppose that, in a user process's memory space, there exists the following string: Although this identifies a unique object on the system, it does not specify access rights and hence is not a capability.

A key feature of this arrangement is that the file descriptor table is in kernel memory and cannot be directly manipulated by the user program.
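A small Python illustration, added here and not part of the original article, of the contrast drawn above on a POSIX system: a path name (forgeable reference) is re-validated against the caller's ambient authority every time it is opened, while the file descriptor (capability) carries the rights fixed at creation and keeps working even after the name disappears. The file name and contents are constructed sample data.

```python
import errno
import os
import tempfile

def open_capability(path: str, writable: bool = False) -> int:
    """Turn a forgeable reference (a path name) into a capability (a file
    descriptor). The kernel checks ambient authority once, here; the
    resulting descriptor carries exactly the rights requested."""
    return os.open(path, os.O_RDWR if writable else os.O_RDONLY)

def open_by_name(path: str) -> str:
    """Re-validate access through the name: 'ok' or the errno name."""
    try:
        os.close(os.open(path, os.O_RDONLY))
        return "ok"
    except OSError as exc:
        return errno.errorcode[exc.errno]

def read_capability(fd: int) -> bytes:
    """Use the capability; no name lookup or ACL check is involved."""
    os.lseek(fd, 0, os.SEEK_SET)
    return os.read(fd, 4096)

def write_capability(fd: int, data: bytes) -> str:
    """Exercise a right the capability may not carry: 'ok' or errno name."""
    try:
        os.write(fd, data)
        return "ok"
    except OSError as exc:
        return errno.errorcode[exc.errno]

def demo() -> dict:
    # Constructed sample file (hypothetical name and content).
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "secret.txt")
    with open(path, "wb") as f:
        f.write(b"capability demo\n")
    ro_fd = open_capability(path)                     # read-only capability
    result = {"name_before": open_by_name(path)}      # 'ok' via ambient authority
    os.unlink(path)                                   # the name now refers to nothing
    result["name_after"] = open_by_name(path)         # 'ENOENT'
    result["read_via_fd"] = read_capability(ro_fd)    # capability still works
    result["write_via_fd"] = write_capability(ro_fd, b"x")  # 'EBADF': no write right
    os.close(ro_fd)
    os.rmdir(tmp)
    return result

if __name__ == "__main__":
    print(demo())
```

The write attempt fails with EBADF for every caller, root included, because the right was never part of the descriptor; the kernel-held descriptor table is what makes that binding unforgeable.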

Programs that rely on ambient authority become susceptible to a programming error known as the confused deputy problem, which very frequently results in a security hole.

Portable Operating System Interface (POSIX) draft 1003.1e specifies a concept of permissions called "capabilities".[2]

Notable research and commercial systems employing capability-based security include the following: POSIX "capabilities" in Linux: