Hi,

Okay, there are the different $SAFE levels. But why not simply remove 
dangerous methods, like:

   undef `
   undef system
   undef require
   ...

or replacing them by your own?

I guess this is as secure as any $SAFE level (of course it depends on 
which methods you are removing). Or am I missing something? The problem 
is that this way you can't run other "good" code next to your "bad" code 
(as it is possible with $SAFE).

It would be very nice to execute some Ruby code in such a reduced 
environment without affecting the other "good" code:

   env = Environment.new
   env.remove_method :system
   env.remove_constant :ENV
   env.remove_global "$0"
   ...
   env.eval dangerous_code

   # or
   env = Environment.fresh
   env.add_method :system
   env.add_constant :ENV, ENV
   ...

BTW, is this possible to implement in Ruby or a C extension? I guess 
not. Or would it work with two (or multiple) anonymous modules, one for 
the good code, one for the bad code, and then by removing all 
methods/constants/global variables outside those two modules?

Regards,

   Michael
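
The trade-off raised in this message, as an added example that is not part of the original post: the denylist from the first snippet is applied inside a forked child process, so the parent's "good" code keeps its methods, and the child reports which process-launching entry points are still callable. `audit_denylist` and `CANDIDATES` are hypothetical names, the candidate list is illustrative and not exhaustive, and the fork only gives process separation; it does not implement the proposed `Environment` API.

```ruby
# Added example: names and the candidate list are constructed for illustration.
# Entry points that can start a process, as [receiver, method]. :instance means
# "called without a receiver on an ordinary object". Not exhaustive.
CANDIDATES = [
  [:instance, :system], [:instance, :`], [:instance, :exec], [:instance, :spawn],
  [Kernel, :system], [Kernel, :`], [IO, :popen], [Process, :spawn]
].freeze

# Undefine each denylisted name in a forked child and return the labels of
# the candidates that are still callable there.
def audit_denylist(denylist)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    # Same effect as a top-level `undef name`: the method is undefined on Object.
    denylist.each { |name| Object.send(:undef_method, name) }
    probe = Object.new
    remaining = CANDIDATES.select do |receiver, name|
      target = receiver == :instance ? probe : receiver
      target.respond_to?(name, true)
    end
    labels = remaining.map { |r, n| r == :instance ? "Object##{n}" : "#{r}.#{n}" }
    writer.write(labels.join("\n"))
    writer.close
    exit!(0) # skip at_exit handlers inherited from the parent
  end
  writer.close
  output = reader.read
  reader.close
  Process.wait(pid)
  output.split("\n")
end

if __FILE__ == $PROGRAM_NAME
  left = audit_denylist([:system, :`, :require]) # the list from the message
  puts "still callable in the child: #{left.join(', ')}"
  puts "parent still has system: #{Object.new.respond_to?(:system, true)}"
end
```

The result is the "depends on which methods you are removing" caveat made concrete: a denylist has to be checked against every entry point, not only the names that come to mind first.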