Secimport Versions Save

eBPF Python runtime sandbox with seccomp (Blocks RCE).

v0.10.0

3 weeks ago

Added dockerfile support for M3 silicon (Apple Macbooks)
Fixed utils bug that raised error if module name was empty (happens some times because of the way python modules are executed)

v0.9.2

6 months ago

Add warning for --with-dtrace support for python
Make trace.bt support any path to the python interpreter
Add info about "Could not resolve symbol" error on Ubuntu to FAQ.md
https://github.com/avilum/secimport/pull/27
https://github.com/avilum/secimport/pull/28
https://github.com/avilum/secimport/pull/29

v0.9.1

11 months ago

Added nsjail support
Imroved CLI
Improved documentation
General bugfixes

v0.9.0

11 months ago

Added nsjail support

v0.8.2

1 year ago

0.8.2

1 year ago

Added docker build and push to GH Actions

v0.8.1

1 year ago

Blocking the following insecure syscalls by deafult in secimport build:


INSECURE_SYSCALLS = [
    "vfork",
    "clone",
    "access",
    "chdir",
    "creat",
    "dup",
    "dup2",
    "execve",
    "faccessat",
    "fcntl",
    "fdatasync",
    "fork",
    "fstat",
    "fsync",
    "getegid",
    "geteuid",
    "getgid",
    "getgroups",
    "getpid",
    "getppid",
    "getrlimit",
    "getsockname",
    "getsid",
    "getuid",
    "ioctl",
    "link",
    "lseek",
    "lstat",
    "mkdir",
    "mknod",
    "open",
    "openat",
    "pipe",
    "poll",
    "read",
    "readlink",
    "readv",
    "recvfrom",
    "recvmsg",
    "rename",
    "rmdir",
    "select",
    "sendmsg",
    "sendto",
    "setgid",
    "setgroups",
    "setpgid",
    "setpriority",
    "setregid",
    "setreuid",
    "setrlimit",
    "setsid",
    "setsockopt",
    "stat",
    "symlink",
    "truncate",
    "umask",
    "utime",
    "utimes",
    "write",
    "writev",
]

v0.8.0

1 year ago

Added STOP and KILL flags
Improved documentation
Docker bugfixes

0.7.3

1 year ago

Added github actions :)

0.7.3.1

1 year ago

Added github actions build and push to pypi on merge to master branch