zlacker

[return to "Monty: A minimal, secure Python interpreter written in Rust for use by AI"]
1. c2xlZX+1u[view] [source] 2026-02-07 00:43:18
>>dmpetr+(OP)
Maybe a dumb question, but couldn't you use seccomp to limit/deny the amount of syscalls the Python interpreter has access to? For example, if you don't want it messing with your host filesystem, you could just deny it from using any filesystem related system calls? What is the benefit of using a completely separate interpreter?
◧◩
2. oofbey+fw[view] [source] 2026-02-07 01:06:59
>>c2xlZX+1u
Yours is a valid approach. But you always gotta wonder if there’s some way around it. Starting with runtime that has ways of accessing every aspect of your system - there are a lot of ways an attacker might try to defeat the blocks you put in place. The point of starting with something super minimal is that the attack surface is tiny. Really hard to see how anything could break out.
◧◩◪
3. ushako+By[view] [source] 2026-02-07 01:32:46
>>oofbey+fw
agree. you still need a secure boundary like VM to isolate the tenants in case the model breaks out of the sandbox.

everything that you don’t want your agent to access should live outside of the sandbox.

[go to top]