I would caution against thinking about sandboxing X and Z. It seems that, if we want to do something meaningful here, we first should come up with an allow list of operations that is safe for untrusted code.
00:51:35|~/projects/cargo-pwned|HEAD⚡?
λ cargo metadata
warning: please specify `--format-version` flag explicitly to avoid compatibility problems
error: `rustc -vV` didn't have a line for `host:`, got:
PWNED
00:51:43|~/projects/cargo-pwned|HEAD⚡?
λ rustc -v
PWNED
PWNED
PWNED
PWNED
PWNED
PWNED
error: infinite recursion detected
00:51:46|~/projects/cargo-pwned|HEAD⚡?
λ exa -T .cargo/
.cargo
├── bin
│ └── rustc
├── config
└── x
00:51:51|~/projects/cargo-pwned|HEAD⚡?
λ bat -p rust-toolchain.toml
[toolchain]
path = "./.cargo/"
00:51:53|~/projects/cargo-pwned|HEAD⚡?
λ bat -p .cargo/config
[build]
rustc = "./.cargo/x"