Maybe take inspiration from TCL's interp command
(http://www.tcl.tk/man/tcl8.2.3/TclCmd/interp.htm), though that's a much
heavier-weight solution?

Al

-----Original Message-----
From: Michael Neumann [mailto:mneumann / ntecs.de]
Sent: Tuesday, July 20, 2004 2:04 PM
To: ruby-talk ML
Subject: Safe Ruby Environment

Hi,

Okay, there are the different $SAFE levels. But why not simply remove
dangerous methods, like:

  undef `
  undef system
  undef require
  ...

or replace them with your own? I guess this is as secure as any $SAFE level
(of course it depends on which methods you are removing). Or am I missing
something?

The problem is that this way you can't run other "good" code next to your
"bad" code (as it is possible with $SAFE).

It would be very nice to execute some Ruby code in such a reduced
environment without affecting the other "good" code:

  env = Environment.new
  env.remove_method :system
  env.remove_constant :ENV
  env.remove_global "$0"
  ...
  env.eval dangerous_code

  # or

  env = Environment.fresh
  env.add_method :system
  env.add_constant :ENV, ENV
  ...

BTW, is this possible to implement in Ruby or a C extension? I guess not.

Or would it work with two (or multiple) anonymous modules, one for the good
code, one for the bad code, and then by removing all
methods/constants/global variables outside those two modules?

Regards,

Michael
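
The separation asked about in the original message, sketched with a forked child process as an added example (not code from either poster): the methods named in the post are undefined only in the child, so the parent's "good" code keeps them. The names REMOVED, strip_kernel!, eval_reduced and kernel_has? are hypothetical, fork is assumed to be available, and the sketch shows only how the removal is scoped, not a complete restriction of what the child can do.

```ruby
# Added example; REMOVED, strip_kernel!, eval_reduced and kernel_has? are
# hypothetical names, not an existing Ruby API. Assumes fork is available.
REMOVED = [:system, :`, :require].freeze # the methods named in the post

# True if Kernel still provides `name` as an instance method.
def kernel_has?(name)
  Kernel.method_defined?(name) || Kernel.private_method_defined?(name)
end

# Undefine each name as a Kernel instance method and as a module function
# (Kernel.system), in the current process only.
def strip_kernel!(names)
  names.each do |name|
    [Kernel, Kernel.singleton_class].each do |target|
      found = target.method_defined?(name) || target.private_method_defined?(name)
      target.send(:undef_method, name) if found
    end
  end
end

# Evaluate `code` in a forked child whose Kernel has been stripped and return
# [status, detail] as strings. The parent never undefines anything.
def eval_reduced(code, names = REMOVED)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    strip_kernel!(names)
    status, detail = begin
      ["ok", eval(code).inspect]
    rescue Exception => e # includes NoMethodError for a removed method
      ["error", e.class.name]
    end
    writer.write("#{status}\n#{detail}")
    writer.close
    exit!(0) # skip at_exit handlers inherited from the parent
  end
  writer.close
  data = reader.read # plain text only: nothing from the child is deserialized
  reader.close
  Process.wait(pid)
  data.split("\n", 2)
end
```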