> This potential privilege escalation isn't there so much as to prevent programs from getting real-uid == 0 as to prevent them doing something unintended, somewhat akin to accidentally rebooting the machine.
While this may be true in some cases, it is not in others. For example, in the case of linux vservers, capabilities are used to restrict the capabilities of the entire vserver. They are used as a mechanism to isolate vservers from the host. There is a mechanism for a host sysadmin to grant limited capabilities to a vserver when it needs to perform certain privileged operations. Therefore, it should be of concern if granting certain capabilities to a vserver means that users in that vserver can effectively gain more capabilities than the host sysadmin intended them to receive.