I got annoyed.

I was looking at how most code execution platforms handle sandboxing and kept seeing the same pattern: throw it in a Docker container, set a timeout, call it secure. That's not sandboxing, that's hoping nothing goes wrong. So I built Custody to figure out what real isolation actually looks like when you have to think about every layer.

This isn't a tutorial. It's more of a breakdown of the decisions I made, why I made them, and what I'd change if I started over.

What I was defending against

Before touching any code, I wrote out the threat model. Not because I was being formal about it, but because "secure code execution" means nothing unless you're specific about what you're securing against. My list: