On Dec 13, 2005, at 10:22 PM, malcolm.ryan / gmail.com wrote:

> I'm thinking about building a new MUD server (for those who are less
> ancient than I, think "MUD == text only MMORPG"). I'd like to allow
> players to build and program objects in the world, but I'd rather  
> avoid
> having to write my own programming language. I was wondering  
> whether an
> existing scripting language like Ruby might be useable?
>
> The first problem is, of course, that I don't want the players to be
> able to do _everything_ the language offers. Their code should only
> affect the running of the world, and they should not be able to change
> or delete files on my system or do other nasty things.
>
> I'm aware of the $SAFE setting and the tainting procedure, but I'm not
> sure how I could use this to do what I want. Any suggestions?
>
> Malcolm
>
>

This is the usual idiom for "super" safe code:

Thread.new do
     $SAFE = 4
     eval(code)
end

However, someone will always find a way to mess things up. What I  
would suggest is a combination of this plus having the mud running in  
at least two processes. The one on which the user code runs would run  
as a user with almost no filesystem permissions, but would have a way  
to communicate with the other process (such as drb). You then provide  
an API to do things that require persisting stuff to disk. ie rather  
that them doing

File.open("new_character_class.class", "w") do |file|
  # create a chraacter class
end

you have something like:

CharacterClass.add_class("new_character_class", ...)