We need a new suite of utilities with defined R/W/X properties, like a find that can't -exec arbitrary programs. Ideally the programs would have a standard parseable manifest.
I've seen this before with sodoers programs including powerful tools. Saw one today with make, just gobsmacked.
