Mandatory access controls, fine-grained capabilities, temporary capability grants, risk scoring, progressive disclosure, high-level intents that encapsulate permissions, and most importantly, an audit system.

We have the hindsight of developing highly distributed low-trust systems. We can do better than `curl -fsSL https://remote_install_script/ | sudo sh`.