> ..
> > Each source code file will be asociated with a permission. The current
> > permission is the AND of the implies of the permissions of all the
> > files in the calling stack.
>
> The call stack would not be enough. Another .rb file might have been
> required or loaded, and it (or a method defined in it) may have done
> something that allows a method called later to violate its permissions.
> For example, the required file might open a file at an insecure
> location. The method that did this may no longer be on the stack when
> the file is written to (assuming permissions allow writing to an already
> open file handle).

I don't see why the stack isn't enough if method redefinition is not
allowed when there are not enough rights. If the file is open there,
it's a choice of the programmer. Notice that any direct action to open
the file would include the caller in the stack. And for indirect
actions, method redefinitions are disabled, so I can't think of any.
Can you show me another example?