Wow, MenTaLguY has worked up a patch[1] to ruby-1.8.5 and ruby_1_8 branch for
Thread#kill!.  This method really kills a thread, circumventing ensure.

I have got this working with my sandbox extension and it fills a major security
hole for me.  But, beyond my extension, some are using $SAFE threads to sandbox.

  [ruby-core:05966] $SAFE=4 is still dangerous to use as a sandbox

$SAFE = 4 will not work unless Thread methods are banned from level 4 and
`ensure` is circumvented.  Sandbox simply does not have the Thread class.

Also, here is example code to demonstrate:

  th = Thread.new {
       $SAFE = 4
       eval %{
          endless = proc do
            begin
              loop {}
            ensure
              endless.call
            end
          end
  
          endless.call
       }
  }
  th.join(2)
  th.kill!

Try with `kill` and `kill!`.  Thankyou, mental!

_why

[1] http://code.whytheluckystiff.net/svn/sandbox/trunk/patch/ruby-1.8.5-thread_kill_bang.patch