Rice’s theorem. btw capabilities are cool but it’s very difficult to actually deploy them to real-world software without accidentally giving things more access than intended.
Rice's theorem can quickly prove that antivirus software is always a waste of time, so that's a plus. It can not, however, do anything to help jailbreak out of a process that has no access to the outside, no matter how evil or clever it (the code in that process) is.
Think of capabilities as cash in your wallet... fairly easy to manage, as long as you can secure the wallet.
