
I wonder if there's a way to configure it so that when the parent cmd is a trusted command (say, a bash/zsh owned by the user), it could let the curl command through and otherwise block it. But yeah, that seems like a bit of a hassle.


Then any process can do `system("bash -c curl malware.attacker")`


The bash command line wouldn't be the same as the one launched by your terminal, though. But yes, I’m sure there are myriad exploits around something like that.


What could work instead is something where you run a command like `opensnitch-context dev` and it would talk to the running daemon to do proper authentication ("do you want to allow this context to be used?") and then hopefully some other magic (cgroups?) to know if the processes are part of that context even if they are sparse/nested child processes.
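Added example, not part of the thread and not OpenSnitch code: the parent-command heuristic and the cgroup idea from the comments above, compared on a constructed process table. It assumes cgroup v2 and a hypothetical per-context scope named `ctx-dev.scope`; all PIDs and paths are made up.

```python
# Constructed process table: pid -> (ppid, comm, text of /proc/<pid>/cgroup).
# Assumes cgroup v2 and a hypothetical per-context scope "ctx-dev.scope".
SESSION = "0::/user.slice/user-1000.slice/session-2.scope\n"
CONTEXT = "0::/user.slice/user-1000.slice/ctx-dev.scope\n"
CTX_PATH = "/user.slice/user-1000.slice/ctx-dev.scope"

PROCS = {
    1:    (0,    "systemd", "0::/init.scope\n"),
    900:  (1,    "bash",    SESSION),   # ordinary login shell
    1000: (900,  "bash",    CONTEXT),   # shell started inside the context
    1001: (1000, "make",    CONTEXT),   # nested child
    1002: (1,    "curl",    CONTEXT),   # daemonized child, reparented to pid 1
    2000: (900,  "editor",  SESSION),   # unrelated program
    2001: (2000, "bash",    SESSION),   # bash it spawned via system()
    2002: (2001, "curl",    SESSION),
}

def cgroup_v2_path(text):
    """Return the unified-hierarchy path from /proc/<pid>/cgroup text, or None."""
    for line in text.splitlines():
        parts = line.split(":", 2)          # hierarchy-ID:controllers:path
        if len(parts) == 3 and parts[0] == "0" and parts[1] == "":
            return parts[2]
    return None

def in_context(pid, ctx_path, procs=PROCS):
    """True if pid's cgroup is the context scope or a descendant of it."""
    path = cgroup_v2_path(procs[pid][2])
    return path is not None and (path == ctx_path or path.startswith(ctx_path + "/"))

def has_trusted_ancestor(pid, trusted=("bash", "zsh"), procs=PROCS):
    """Parent-command heuristic: True if any ancestor's comm is in trusted."""
    pid = procs[pid][0]
    while pid in procs:
        if procs[pid][1] in trusted:
            return True
        pid = procs[pid][0]
    return False

if __name__ == "__main__":
    for pid in (1001, 1002, 2002):
        print(pid, PROCS[pid][1], "ancestor:", has_trusted_ancestor(pid),
              "cgroup:", in_context(pid, CTX_PATH))
```

Cgroup membership is only a sound signal if unprivileged processes cannot write to the scope's `cgroup.procs`, since that is how a process is moved into a cgroup.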



