> command buffers over shared memory are the correct way to do this

Sounds like a security nightmare.