Reinventing the privilege drop: how principled preservation of programmer intent would prevent security bugs.