Hi,
I have seen Robert's post from Nov 13th and I would like to re-start this
discussion. "Walter Webcoder" (see 'Programming Ruby') did a first try and
Dave and Andy provided a (possible) solution to his work. My idea is to
provide an interactive Ruby interpreter (a Ruby CGI script) on my upcoming
RubyCHannel site (www.ruby.ch, not yet active). The interpreter should not
only allow calculating numbers, but show the "full power" of Ruby. I
therefore started working (i.e. one hour so far) on my own Sandbox. Here
you go:

...
class Sandbox
  attr_reader :eval_output   # attr_reader takes a symbol, not the ivar itself

  def initialize(level = 2)
    @level = level
    @eval_output = ''
  end

  # Shadow Kernel#system and Kernel#require for code eval'd in this object's binding
  def system(cmd)
    print "You may NOT use 'system()' ;-)"
  end

  def require(modName)
    print "You may NOT use 'require' ;-)"
  end

  # Collect output of the eval'd code instead of writing it to stdout
  def print(string)
    @eval_output += "\n" + string.to_s
  end

  def getContext
    return binding
  end

  def execute(cmd)
    cmd.untaint if cmd.respond_to?(:untaint)   # untaint was removed in Ruby >= 3.2
    sbThread = Thread.new {
      $SAFE = @level      # thread-local in old Ruby; a plain global with no effect in Ruby >= 3.0
      begin
        eval(cmd, getContext)
      rescue NameError
        print "An error occured"
      rescue SecurityError
        print "A security error occured"
      end
    }
    sbThread.join()
  end
end

sandbox = Sandbox.new
sandbox.execute("system(\"rm -r /\")") 
print sandbox.eval_output 
==> 
"You may not use 'system()' ;-). 
A security error occured"
...

As you can see, 'system' and 'require' are not accessible; all the "rest"
is. Also, the taint level is set to 2 (by default). The print method is
only overloaded in order to fetch the "print" statements in the
eval-uated code. Now I am pretty sure that I missed some "security
holes". Could you therefore please comment on this proposal?

Regards
Clemens (the other ;-))
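Added example, not part of Clemens's post: a variant of the Sandbox that puts a wall-clock limit on the evaluated code (an endless loop would otherwise pin the CGI process) and exposes a check of which definition a bare method call reaches from inside the sandbox binding. It assumes Ruby >= 2.6 and does not rely on $SAFE or taint checking, which no longer exist in Ruby 3; the class and method names are hypothetical.

```ruby
# Sandbox variant with a join timeout and an owner check (example code).
class TimedSandbox
  attr_reader :eval_output

  def initialize(timeout = 1.0)
    @timeout = timeout             # seconds the eval'd code may run
    @eval_output = String.new
  end

  # Bare calls inside the sandbox binding resolve to these instance
  # methods instead of Kernel's, exactly as in the original proposal.
  def system(*)
    print "You may NOT use 'system()' ;-)"
  end

  def require(*)
    print "You may NOT use 'require' ;-)"
  end

  def print(string)
    @eval_output << "\n" << string.to_s
  end

  # Which module owns the method that a bare call to +name+ reaches here?
  # TimedSandbox means the call is shadowed; Kernel means it is not.
  def owner_of(name)
    method(name).owner
  end

  # Runs +cmd+ in its own thread and kills it after @timeout seconds.
  # Returns :ok, :timeout or :error.
  def execute(cmd)
    status = :ok
    t = Thread.new do
      begin
        eval(cmd, binding)         # self is the sandbox, so overrides apply
      rescue NameError, SecurityError => e
        print "An error occurred: #{e.class}"
        status = :error
      end
    end
    unless t.join(@timeout)        # join returns nil on timeout
      t.kill
      print "Execution aborted after #{@timeout}s"
      status = :timeout
    end
    status
  end
end
```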