Contrasting the authority of code in different Architectures

Here are some points where a capability architecture limits the authority of code, and so limits the damage that compromised or malicious code can do. A Keykos system provides programs with authority that is very much smaller than even Unix or Mach provides. In contrast to the Unix kernel, the Keykos kernel is perhaps 250 KB in size. Keykos has about as much code with ‘root access’ outside the kernel as inside it. In Unix much more code runs with root access; the set-user-ID programs among it are revealed by the shell commands
“ls -lL /usr/bin /usr/sbin | grep -e -sr” and
“ls -lL /usr/bin /usr/sbin | grep -e wsr”.
Each pattern matches an ‘s’ in the owner’s execute position of the mode string, as in -r-sr-xr-x or -rwsr-xr-x, which marks a program that runs with its owner’s authority (root, for most of these) no matter who invokes it. The first pattern also matches a set-group-ID program such as -rwxr-sr-x, and both match the mode string as text rather than testing the permission bits.
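The same survey done with find(1) permission tests instead of pattern-matching the text of a listing, as an added example that is not part of the original page. The default directories /usr/bin and /usr/sbin follow the page’s commands; the -xdev option and the choice to report regular files only are this example’s own assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): enumerate set-user-ID and
# set-group-ID programs by testing permission bits with find(1), rather
# than grepping the mode string of an ls listing.

# Print one ls -l line per set-user-ID or set-group-ID regular file under
# the given directories (default: /usr/bin and /usr/sbin, as on the page).
# -xdev stays on one filesystem; -type f skips symlinks and directories.
list_setuid() {
    [ $# -gt 0 ] || set -- /usr/bin /usr/sbin
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -l {} \; 2>/dev/null
}

# Count the set-user-ID regular files owned by root under the given
# directories: each one is code that runs with root's full authority
# whenever any user invokes it, so this is the figure the page contrasts
# with the Keykos kernel and its privileged domains.
count_setuid_root() {
    [ $# -gt 0 ] || set -- /usr/bin /usr/sbin
    find "$@" -xdev -type f -perm -4000 -user root 2>/dev/null | wc -l | tr -d ' '
}

# Count set-user-ID regular files regardless of owner, so the check can be
# run on a scratch directory by an unprivileged user.
count_setuid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null | wc -l | tr -d ' '
}

list_setuid
echo "set-user-ID root programs in /usr/bin and /usr/sbin: $(count_setuid_root)"
```

Because find tests the bits themselves, a program whose mode is 4511 (-r-s--x--x) is found just like one whose mode is 4755, and a filename that happens to contain “-sr” is not reported.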

Another difference is that much administrative work in Unix requires the user to run as root. This means that even those utilities that have no need of such access run with it whenever the administrator invokes them in the course of that work.

Even correct and uncompromised code may become a confused deputy when it acts with authority drawn from several sources at once and cannot tell which of them a given request should be charged to.