snacktime <snacktime / gmail.com> wrote: > There really isn't anything you can do to make this safe. Even $SAFE > itself can be set to a different value from the usercode. No, it can't. At lower levels it throws a SecurityError saying it can't downgrade the safe level. At higher levels, it throws a SecurityError saying it can't "can't chage global variable value" (i.e. the rules of Level 4 inherently prevent you from changing the security level.) > Plus ruby > threads aren't real threads, so I think someone could just fork off a > new process, or at the least it would be easy to lock up your whole > application by calling some blocking operation that takes forever. > -- Ken Bloom. PhD candidate. Linguistic Cognition Laboratory. Department of Computer Science. Illinois Institute of Technology. http://www.iit.edu/~kbloom1/