20 Dec, 2009, David Haley wrote in the 21st comment:
Votes: 0
It seems that Ruby sandboxing works on the basis of tainting only. How do you set up a function environment in which you can run some "function" (be it a literal function, script, whatever) that works just like anything else, except that certain functions are not available? It sounds like you have to "increase the safe level" and then make sure that the functions you don't want are "untainted"; is that indeed the case? Is there an easy way to encapsulate this whole process of creating a sandbox environment so that you can move it around?
20 Dec, 2009, Runter wrote in the 22nd comment:
Votes: 0
Seems to me each thread of execution would be its own environment. Perhaps defining a function in a child thread would make it private?
20 Dec, 2009, Tyche wrote in the 23rd comment:
Votes: 0
David Haley said:
It seems that Ruby sandboxing works on the basis of tainting only.

It's based on SAFE levels; those above 0 enable tainting and taint checking. SAFE levels implement cumulative execution environment restrictions as the level increases, some of which define the usage of taint and untainted objects.

David Haley said:
How do you set up a function environment in which you can run some "function" (be it a literal function, script, whatever) that works just like anything else, except that certain functions are not available?

Ruby is object-oriented and everything is an object, so functions cannot exist independently of objects. Taintedness only exists as a property of objects. So that's where you'd start with implementing something like "function" restrictions (i.e. objects that delegate or are composed of other objects that contain restricted or unrestricted functions).
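The "objects that delegate" approach in the comment above, worked through as an added example; this is not code from anyone in the thread. One caveat first: the SAFE levels and taint tracking discussed here no longer exist in current Ruby ($SAFE stopped having any effect in Ruby 3.0 and the taint methods were removed in 3.2), so a delegating proxy with a method allowlist is what is left in-process. The class names RestrictedProxy and ScriptHost, the allowlist and the sample "scripts" are all constructed for the illustration.

```ruby
# Added example (not code from the thread): a delegating sandbox object that
# exposes only an allowlist of another object's methods. All names below are
# assumptions made for this illustration.

# BasicObject is the bare-minimum superclass: no Kernel (so no #system, #eval,
# #send, #instance_variable_get ...), only what we choose to forward.
class RestrictedProxy < BasicObject
  class Forbidden < ::StandardError; end

  # BasicObject still carries instance_eval/instance_exec, which would let a
  # script reach @target directly; take them away.
  undef_method :instance_eval, :instance_exec

  def initialize(target, allowed)
    @target  = target
    @allowed = allowed.map(&:to_sym)
  end

  # Every call lands here; only allowlisted public methods are forwarded.
  def method_missing(name, *args, &block)
    unless @allowed.include?(name) && @target.respond_to?(name)
      ::Kernel.raise Forbidden, "#{name} is not available in this sandbox"
    end
    @target.public_send(name, *args, &block)
  end

  def respond_to?(name, _include_private = false)
    @allowed.include?(name.to_sym)
  end
end

# Constructed host with both harmless and sensitive capabilities.
class ScriptHost
  def shout(text)
    text.upcase
  end

  def add(a, b)
    a + b
  end

  def wipe_database
    "database wiped" # stands in for a destructive action; never reached below
  end
end

ALLOWED = %i[shout add].freeze

# Runs a caller-supplied "script" (a block) against the sandbox. The script
# only ever sees the proxy, never the ScriptHost itself.
def run_sandboxed(host, allowed, &script)
  script.call(RestrictedProxy.new(host, allowed))
end

# A well-behaved script that uses only allowlisted methods.
def benign_script_result
  run_sandboxed(ScriptHost.new, ALLOWED) { |env| env.shout("hi #{env.add(1, 2)}") }
end
# => "HI 3"

# A script that reaches for a restricted method is stopped before delegation.
def blocked_script_result
  run_sandboxed(ScriptHost.new, ALLOWED) { |env| env.wipe_database }
rescue RestrictedProxy::Forbidden => e
  e.message
end
# => "wipe_database is not available in this sandbox"

# Going through #send does not help: the proxy has no #send, so the call is
# treated like any other unlisted name.
def reflection_attempt_result
  run_sandboxed(ScriptHost.new, ALLOWED) { |env| env.send(:wipe_database) }
rescue RestrictedProxy::Forbidden => e
  e.message
end
# => "send is not available in this sandbox"

if __FILE__ == $PROGRAM_NAME
  puts benign_script_result
  puts blocked_script_result
  puts reflection_attempt_result
end
```

The proxy answers the "certain functions are not available" part of the question for code that only talks to the object it is handed. It is not a boundary against arbitrary Ruby source evaluated in the same process (that code can still reach ObjectSpace, constants and the interpreter itself), so untrusted scripts still belong in a separate process or container with OS-level limits; the allowlist object is the interface you expose across that boundary.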
21 Dec, 2009, Cratylus wrote in the 24th comment:
Votes: 0
lol taint