Sandbox Insulation Boosted with Secimport 0.8 for Python Modules

Secimport 0.8, a tool written in Python, has been launched under the MIT license and is now available for use in macOS, Solaris, Linux, and Windows. The tool enables developers to isolate specific Python modules when using them in projects.

Two subsystems, DTRACE and EBPF, are employed to monitor the execution and blocking of system calls. Developers can use the tool to generate a profile of the execution of each module used in the application. In addition to aiding debugging efforts, developers can use a special binding to isolate selected system calls that are potentially vulnerable, or to prevent the use of modules that are not trustworthy.

Secimport can also be used to selectively block dangerous system calls, like those related to file access, network operations, or process launching. For Linux system calls, developers can use the BPFTRACE package, while for macOS, Solaris, and Windows, the DTRACE tool is used. Secimport is designed to have minimal performance impact on applications.

Interested developers can find more information on this tool in the secimport GitHub release page here: https://github.com/avilum/secimport/releases and the secimport Wiki page here: https://github.com/avilum/secimport/wiki/.

/Reports, release notes, official announcements.