snacktime <snacktime / gmail.com> wrote:
> There really isn't anything you can do to make this safe.  Even $SAFE
> itself can be set to a different value from the usercode.

No, it can't. At lower levels it throws a SecurityError saying it
can't downgrade the safe level. At higher levels, it throws a
SecurityError saying it can't "can't chage global variable value"
(i.e. the rules of Level 4 inherently prevent you from changing the
security level.)

> Plus ruby
> threads aren't real threads, so I think someone could just fork off a
> new process, or at the least it would be easy to lock up your whole
> application by calling some blocking operation that takes forever.
> 

-- 
Ken Bloom. PhD candidate. Linguistic Cognition Laboratory.
Department of Computer Science. Illinois Institute of Technology.
http://www.iit.edu/~kbloom1/