It seems that starting with kernel 2.2, they introduced the concept of capabilities. According to the Unix man page on capabilities, if you’re not a root user, you can grant yourself capabilities by calling cap_set_proc on a per-thread basis. So does this mean that if you’re writing malware for Unix, you just grant yourself a bunch of capabilities and compromise the system? If not, how does one grant the capabilities required to run the program?
It seems that Unix’s security model is quite flawed and primitive. Am I getting this right?
I’ll be more specific:
How do you (when running as a non-root user) send a signal to another process that is running under a different user? On the signal man page, it says you need the CAP_KILL capability to perform this. However, reading the capabilities man page, I’m not sure how I can grant a process that capability.
It’s impossible. Use a socket or a file instead.
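An added example, not part of the original thread: it checks the self-grant question directly by asking the kernel, through the raw capget(2)/capset(2) syscalls that cap_set_proc wraps, to add CAP_KILL to the calling thread's permitted and effective sets. The helper names `has_permitted` and `try_raise` are made up for this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

#define IDX(c) ((c) >> 5)            /* which 32-bit word holds the capability */
#define BIT(c) (1u << ((c) & 31))    /* bit for the capability inside that word */

/* Read the calling thread's capability sets (pid 0 = this thread). */
static int get_caps(struct __user_cap_data_struct data[2])
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    memset(data, 0, 2 * sizeof(data[0]));
    return syscall(SYS_capget, &hdr, data) == 0 ? 0 : -1;
}

/* 1 if `cap` is in the permitted set, 0 if it is not, -1 on error. */
int has_permitted(int cap)
{
    struct __user_cap_data_struct data[2];
    if (get_caps(data) != 0)
        return -1;
    return (data[IDX(cap)].permitted & BIT(cap)) != 0;
}

/* Try to add `cap` to the permitted and effective sets.
 * Returns 0 on success, otherwise the errno from capget/capset. */
int try_raise(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (get_caps(data) != 0)
        return errno;
    data[IDX(cap)].permitted |= BIT(cap);
    data[IDX(cap)].effective |= BIT(cap);
    /* The kernel requires the new permitted set to be a subset of the old one. */
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : errno;
}

int main(void)
{
    int had = has_permitted(CAP_KILL);
    int rc = try_raise(CAP_KILL);
    printf("CAP_KILL permitted before: %d, capset result: %s\n",
           had, rc ? strerror(rc) : "ok");
    return 0;
}
```

Run as an ordinary user with no capabilities, the capset call fails with EPERM: a thread can only drop capabilities or re-enable ones already in its permitted set. Per capabilities(7), a process acquires new ones at execve, for example from file capabilities that a privileged user attached to the binary.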