2025-03-05 04:20:55 UTC

Emelia/Emi on Nostr: The problem is that setting up namespaces really needs a clone() call where you ...

The problem is that setting up namespaces really needs a clone() call where you continue execution in the child process before actually jumping into the target code, and AFAIK a lot of non-C languages don't really support that all that well without some pretty gnarly FFI shenanigans: plain fork() or clone() can hurt pretty bad for processes with a lot of frequently-touched RAM like a JVM (or anything with a compacting GC, really), and the mitigations for that are "do not use this for anything but immediately calling exec()" levels of footgun, so you'd practically need to call into a separate executable regardless...

At least since you're usually passing the argv array directly to bwrap instead of a single big string that needs to be parsed, it's not anywhere *near* as prone to command injection vulnerabilities as system() is, since it's much harder to confuse something that doesn't really need to actually *parse* all that much...
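An added example (not part of Emelia/Emi's post) illustrating the argv-versus-string point: the bwrap flags used are real, but bwrap itself is never executed here; a Python child stands in so the block runs anywhere and reports the argv it actually received, and the untrusted path is a constructed sample.

```python
import json
import shlex
import subprocess
import sys

# Constructed sample of untrusted input: a path carrying shell metacharacters.
UNTRUSTED_PATH = "/tmp/data; touch /tmp/pwned"


def build_bwrap_argv(sandbox_dir: str, target: list[str]) -> list[str]:
    """Assemble the argv vector handed to bwrap (real flags). Each element
    reaches the child as exactly one argv[i]; nothing is re-tokenised."""
    return [
        "bwrap", "--unshare-all", "--die-with-parent",
        "--ro-bind", "/usr", "/usr",
        "--bind", sandbox_dir, "/work",
        "--chdir", "/work",
        *target,
    ]


def build_shell_string(sandbox_dir: str, target: list[str]) -> str:
    """The system()-style alternative: one string that /bin/sh must re-parse."""
    return f"bwrap --unshare-all --bind {sandbox_dir} /work " + " ".join(target)


def shell_tokens(cmd: str) -> list[str]:
    """Tokenise the way a POSIX shell would (punctuation_chars makes ';' a
    separate token) without executing anything."""
    return list(shlex.shlex(cmd, posix=True, punctuation_chars=True))


def child_argv(argv_tail: list[str]) -> list[str]:
    """Spawn a child from an argv list and return the argv it received.
    A Python interpreter stands in for bwrap; no shell sits in between."""
    probe = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))", *argv_tail]
    out = subprocess.run(probe, capture_output=True, text=True, check=True).stdout
    return json.loads(out)


def compare(untrusted: str) -> dict:
    """Report how the untrusted value fares under each strategy."""
    seen = child_argv(build_bwrap_argv(untrusted, ["ls", "-l"])[1:])  # skip argv[0]
    tokens = shell_tokens(build_shell_string(untrusted, ["ls", "-l"]))
    return {"argv_intact": untrusted in seen, "shell_splits": ";" in tokens,
            "child_argv": seen, "shell_tokens": tokens}


if __name__ == "__main__":
    print(json.dumps(compare(UNTRUSTED_PATH), indent=2))
```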