I'm trying to document all the various taint checks in the
interpreter. So far I have:
$SAFE >= 1
* The environment variables RUBYOPT and RUBYLIB are not
processed.
* The command line options -e, -i, -I, -r, -s, -S, and -x are
not allowed.
* The current directory is not added to the path.
* Processes cannot be exec'd from $PATH if any directory
in it is world-writable.
$SAFE >= 2
* Can't load file in world-writable directory.
* Can't load a file from a tainted filename starting with ~.
$SAFE >= 3
* All objects are created tainted.
$SAFE >= 4
* Can't modify non-tainted array, hash, or string.
* Can't modify global variable.
* Can't access instance variables of non-tainted objects.
* Can't change environment variable.
* Can't close or reopen non-tainted files.
* Can't freeze non-tainted objects.
* Can't get meta information (such as method or variable lists).
* Can't define, redefine, remove, undef method in a non-tainted
class or module.
* Can't remove instance variables or consts from non-tainted
objects.
* Can't set priority of other threads.
* Can't have thread local variables.
Am I missing anything obvious, and does this list make sense?
Thanks
Dave
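
An added example, not part of the original post and not the interpreter's own code: the world-writable-directory conditions listed under $SAFE >= 1 and $SAFE >= 2, written as a stand-alone audit that can be run against $PATH or $LOAD_PATH. It does not rely on $SAFE; the helper names, the POSIX mode assumption, and the choice to also report empty or relative entries (which resolve against the current directory) are assumptions made for this illustration.

```ruby
require "tmpdir"

WORLD_WRITE_BIT = 0o002 # the "other" write permission bit (POSIX modes assumed)

# Classify one search-path entry; nil means no finding.
#   :relative       - empty or relative, so it resolves against the current directory
#   :world_writable - any local user can plant a file that will be found here
def path_entry_problem(entry)
  return :relative unless entry.start_with?("/")

  st = File.stat(entry)
  :world_writable if st.directory? && (st.mode & WORLD_WRITE_BIT) != 0
rescue SystemCallError
  nil # missing or unreadable entries cannot supply a file, so they are skipped
end

# Audit a list of directories, e.g. $LOAD_PATH or ENV["PATH"] split on ":".
def audit_search_path(dirs)
  dirs.each_with_object({}) do |dir, findings|
    problem = path_entry_problem(dir)
    findings[dir] = problem if problem
  end
end

# Constructed sample: one safe directory, one world-writable one, plus "" and ".".
def demo_findings
  Dir.mktmpdir do |root|
    safe  = File.join(root, "safe")
    loose = File.join(root, "loose")
    Dir.mkdir(safe, 0o755)
    Dir.mkdir(loose)
    File.chmod(0o777, loose) # chmod is not affected by the umask
    audit_search_path([safe, loose, "", "."]).transform_keys { |k| File.basename(k) }
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo_findings
  p audit_search_path(ENV.fetch("PATH", "").split(File::PATH_SEPARATOR, -1))
  p audit_search_path($LOAD_PATH)
end
```

The check looks only at each listed directory itself, matching the wording of the list above; it does not inspect parent directories.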