World Playground Deceit.net

A bubblewrap wrapper

Published on
Tags: sh, programming

Since I finally got the energy to put my bubblewrap wrapper into shape enough to deserve its own repository, here's a small post about it.

First, the why: like everybody, I often have to handle complex and badly designed formats coming from untrusted sources (i.e. the web). And I have to do so using tools of questionable quality written in C; for good reasons, media encoding/decoding is one domain where performance truly matter and stuff like Rust didn't exist at the time (and Ada missed the train). I really don't want to rawdog notorious security disasters like PDF.

Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via Alexa! I love the future!

Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.

Security Technicians: *takes a deep swig of whiskey* I wish I had been born in the neolithic.

To "prove" that I'm not just a paranoid and autistic UNIX greybeard (I usually shave anyway), let me mention RLBox and wuffs as the mechanisms Firefox and Chromium use to very strongly secure (either by sandboxing or formal proof) their own media decoding pipelines.

The interface is quite simple. Behold the README examples!

$ ezbwrap magick color.png -colorspace Gray gray.png
$ ezbwrap curl https://gentoo.org | ezbwrap w3m -dump -T text/html
$ ezbwrap mupdf -- some.pdf
$ ezbwrap firefox

Belt, suspenders and diaper, I'm ready to take on any glowie.

A few small things I found while refactoring this:

  • At first, I aimed for zsh/pdksh compatibility but the dream died quickly. At first because I'd need to symlink zsh to bash to disable its retarded lowercase builtin variables (e.g. path and status), then because readarray/mapfile is bash only (though zsh has the ugly arr=(${(@f}$str})), then because pdksh doesn't have process substitution (!). The final nail in this idea's coffin was that namerefs (needed for these array utils) aren't in pdksh and work differently in zsh.
  • I found a cool use for nullglob (example from the mpv profile):
    # Fine, thanks to brace expansion
if [[ "$arg" =~ .cue$ ]]
then
    for f in "${arg%.cue}".{ape,flac,wav}
    do
        [ -f "$f" ] && bw_bind RO "$f"
    done
fi

# Much better!
if [[ "$arg" =~ .cue$ ]]
then
    bw_bind RO "${arg%.cue}".{ap[e],fla[c],wa[v]}
fi
  • Bash (and the fork-happy Bourne shell in general) is slow. To the point where I was forced to add a band-aid around my lf/nsxiv integration to avoid waiting seconds to display images. I plan on rewriting this in SBCL in the future; the only challenge being the need to replicate cmd 3 < <(foo) in a high level language.