Editing Capability-based security (section)

==Examples==
A capability is defined to be a protected [[object (computer science)|object]] reference which, by virtue of its possession by a user process, grants that process the capability (hence the name) to interact with an object in certain ways. Those ways might include reading data associated with an object, modifying the object, executing the data in the object as a process, and other conceivable access rights. The capability logically consists of a reference that uniquely identifies a particular object and a set of one or more of these rights.

Suppose that, in a user process's memory space, there exists the following string:

 /etc/passwd

Although this identifies a unique object on the system, it does not specify access rights and hence is not a capability. Suppose there is instead the following pair of values:

 /etc/passwd
 O_RDWR

This pair identifies an object along with a set of access rights. The pair, however, is still not a capability because the user process's ''possession'' of these values says nothing about whether that access would actually be legitimate.

Now suppose that the user program successfully executes the following statement:
<syntaxhighlight lang="c">int fd = open("/etc/passwd", O_RDWR);</syntaxhighlight>

The variable <code>fd</code> now contains the index of a file descriptor in the process's file descriptor table. This file descriptor ''is'' a capability. Its existence in the process's file descriptor table is sufficient to show that the process does indeed have legitimate access to the object. A key feature of this arrangement is that the file descriptor table is in [[kernel (operating system)|kernel memory]] and cannot be directly manipulated by the user program.