It's the first item of a lot of personal projects (dreams) I have.
I'll name a few:

* Hosting services can set permissions for each ruby on rails (or
another ruby framework) application. All the applications run in the
same Apache instance.
* Ruby Web Start (combine the securedruby extension with rubygems and
voila!, ruby applications run from any web-server and they don't break
the user's computer).
* Implement a pure ruby version of the Seti program. Users would
download several projects simultaneously and they don't have to bother
to secure their machines from the code that is downloaded to them.

All these projects need fine grained security constraints like the Java
Virtual Machine has. But Ruby is a better language than Java and I
prefer to be able to run the code in a free platform (free as defined
by the Free Software Foundation). And I prefer to use an existing
language than start from scratch.

And, by the way, this is a personal project. I wanted to have the
feeling to program in a highly dynamic language. Most of my
professional experience is in Java and I feel I'm missing something.
That's why I'm tackling a problem that goes to the root of the
language.

I'm glad you asked.
Aureliano.

> >I'm trying to implement something similar to the Java Security Manager
> >for Ruby. The project is currently in prealpha stage at rubyforge
> >(http://securedruby.rubyforge.org).
> >
> >
> Why are you trying to implement this? If it's just for fun & greater
> understanding of Ruby, then, well, good luck. :) And my guess in that
> case is that you're going to have to develop a pre-processor or
> interpreter through which everything is fed, or you're going to have to
> modify Ruby's C code*. I'd also guess that any general implementation
> you come up with will not be seen as useful -- not because it's no good,
> but because there's no perceived need in the Ruby community for such a
> thing right now.
>
> If it's for a purpose (for use in some other project of yours), then I'd
> suggest to focus on the particular aspect of security that affects you.
> If it's file access, then relying on operating-system ACLs might be your
> best bet, as ES suggested. Of course having the ACLs for a process
> change _while it's running_ is outside the scope of the setuid bit, so,
> again, context is needed. Are these plugins? 'Servlets'? What is the
> code you're trying to hamper and how is it being served?
>
> In any case, I'd suggest to narrow your scope to one particular item of
> security at a time, if only to subdivide your task into tacklable subtasks.
>
> Devin
>
> *Or this:
> Module.constants.each { |const|
>   self.class.send :remove_const, const
> }
> self.class.ancestors.each { |mod|
>   mod.class_eval {
>     instance_methods.each {|meth| undef_method meth}
>   }
> }
> puts 'hello'
> 
> But I imagine there's a leak somewhere in there.