Comment by KerrAvon

>Is this duct tape over historical architectural decisions that assumed trust?

Yes, it's all making up for flaws in the original Unix security model and the hardware design that C-based system programming encourages.

> Could we design something with less complexity if we designed it from scratch? Are there any operating systems that are designed this way?

Yes, capability architecture, and yes, they exist, but only as academic/hobby exercises so far as I've seen. The big problem is that POSIX requires the Unix model, so if you want to have a fundamentally different model, you lose a lot of software immediately without a POSIX compatibility shim layer -- within which you would still have said problems. It's not that it can't be done, it's just really hard for everyone to walk away from pretty much every existing Unix program.