By the way, it's instructive to consider why that last example isn't a tiny capability system.
The answer is: it is a capability system -- or would be, except that something has been ADDED to that clean cap system, which is the ambient authority provided by the open() system call. If not for that (and similar), cp in that second example would be unable to access other files than those.
plash implemented a shell lacking that ambient authority (with limitations due to limited sandboxing at the time) by means of sandboxing at the command level. If I recall correctly you could use it with commands like the first one above, but the resulting semantics were more like the second command: cp could only read foo.txt, and only write bar.txt. In a capability OS (like Google Magenta?) that sandboxing would not be necessary (but OS-level caps are only part of the cap story).
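The two forms of cp the post contrasts, as an added example (my code, not the poster's, plash's, or any real cp): `copy_fd` works only through descriptors it was handed, so its authority is exactly those two file objects, which is what makes the redirect form capability-like. `copy_path` is the path form, and it can reach anything the process's user may open, because open() is ambient authority handed to every process regardless of what it was given. The helper names, the POSIX-only assumption, and the sample payload in the self-test are mine.

```c
/* Added example: descriptor-only copy (capability-style) versus
 * path-based copy (ambient authority). POSIX only; names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Copy everything readable from `in` to `out`.  No path is ever named:
 * the function can touch only the two file objects it was passed, so a
 * process running only this code has no way to reach a third file.
 * Returns the number of bytes copied, or -1 on error. */
ssize_t copy_fd(int in, int out) {
    char buf[4096];
    ssize_t total = 0;
    for (;;) {
        ssize_t n = read(in, buf, sizeof buf);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break;                       /* EOF on the source */
        ssize_t off = 0;
        while (off < n) {                        /* handle short writes */
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0) { if (errno == EINTR) continue; return -1; }
            off += w;
        }
        total += n;
    }
    return total;
}

/* The ambient-authority variant: open() turns any string into a file the
 * caller's uid may access, so the set of files this can read or clobber
 * is decided by the filesystem's ACLs, not by what the caller handed it. */
ssize_t copy_path(const char *src, const char *dst) {
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) { close(in); return -1; }
    ssize_t r = copy_fd(in, out);
    close(in);
    close(out);
    return r;
}

/* Self-test: pushes a constructed message through copy_fd using pipes
 * standing in for foo.txt and bar.txt.  Returns 1 when the bytes round-trip. */
int copy_fd_roundtrip_ok(void) {
    const char msg[] = "constructed sample payload";   /* constructed input */
    int src[2], dst[2];
    if (pipe(src) < 0 || pipe(dst) < 0) return 0;
    if (write(src[1], msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1)) return 0;
    close(src[1]);                                     /* EOF for the reader */
    ssize_t n = copy_fd(src[0], dst[1]);
    close(src[0]);
    close(dst[1]);
    char back[64] = {0};
    ssize_t m = read(dst[0], back, sizeof back - 1);
    close(dst[0]);
    return n == (ssize_t)(sizeof msg - 1) && m == n
        && memcmp(back, msg, (size_t)n) == 0;
}

int main(void) {
    /* Descriptor-only usage, matching the shell's redirect form:
     *   ./fdcp < foo.txt > bar.txt
     * The shell opens both files; this process never calls open() at all. */
    if (copy_fd(STDIN_FILENO, STDOUT_FILENO) < 0) {
        perror("copy");
        return 1;
    }
    return 0;
}
```

Run under a sandbox that denies open()/openat(), the descriptor-only program still works unchanged, while `copy_path` fails on its first call; that is the difference plash's shell was engineering around by opening files itself and passing the results in.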