Not only are system components limited to their own category (such as file system logic), they are limited to their own particular files.
If one malicious user finds a flaw in file system logic, he can exploit that flaw but the resulting misbehavior of the file logic will be limited to his file!