You write about Unix's /dev/null device in sandbox interface documentaion. Does sandbox code depends on it?

No. The only "strong" sandbox requirement is the GNU fopencookie function. The fopencookie function allows many tricks in sandbox. The rest of it is ANSI C / POSIX.

Is sandbox really safe?

Please, read the weaknesses topic. I promiss to write all know problems there.

Why do you write in such a bad English?

Sorry, I don't know how to write in English.