In this chapter, the reader has been taken through important ideas on the design and implementation of the modern POSIX capabilities model (on the Linux OS). Among other things, we have covered what POSIX capabilities are, and, crucially, why they are important, especially from the viewpoint of security. The embedding of capabilities into a runtime process or binary executable was also covered.
The whole intent of the discussion, which started in the previous chapter, is to open the application developer's eyes to key security issues that arise when developing code. We hope we have left you, the reader, with a feeling of urgency, and of course the knowledge and tools to deal with security in a modern manner. Today's applications have to not just work; they have to be written with security in mind! or else...