> [local exploit] is a huge distance from [remote exploit].
indeed, but not in the sense you meant it probably ;). it appears you're not the only one not getting spender's post, so here's the simplified logic:
1. some sw runs with privileges (uid or caps)
2. said sw may have exploitable bugs
the question we want to answer is whether we're better off with the uid-based or the caps-based system, security-wise, that is. notice the a priori assumption in 2. it doesn't matter what way you exploit the target, in both privilege systems you get to do the same thing: act as the target. so if you get injected code execution in the target, you get to do whatever you want while having a privileged uid or some caps (if you get to control less in the target, you get to do less in either case too, not just one of them). now with that in mind the question reduces to this: by having a given capability, can one eventually do the same thing as a privileged uid? if the answer is yes, then said capability is not actually useful (and is quite unfixable short of capability explosion). why everyone is or should be interested in this question is also simple: the raison d'être of capabilities is/was the promise of reduced damage from eventual compromise of privileged targets.
PS: 2 days is nothing for a real life attacker. not even 2 years.