More intriguing, why does it work via Proc#call, but never when passing a block (even after it’s been lambda-ized)?

Isn’t this related to the lambda being created before setting $SAFE? Regarding the block use: I guess that could be related to instance_eval(&pr).

flgr: That’s the point—the lambda seems to capture the current value of $SAFE as part of its environment.

Though, only if you call it via Proc#call object—not if you yield to it. Which is the weird thing.

Could you elaborate on the instance_eval thing? Fixnum#times just yields.

the feature. the code wrapped in the lambda is trusted in the level of $SAFE at the time of creation, so that it preserves $SAFE level. If you have found a hole in my logic, enlighten me, please.

Hi matz. That seems reasonable.

However, why does yield ignore saved $SAFE level?

two reasons: a) yield sometimes tweak the environment (e.g. self) so that the execution might not be safe anymore. b) it is far more difficult to make it work properly (even if there could be a proper behavior) by the implementation issue.

Good answers. Thankyou, Matz.

I like this. It’s a great way of straddling two or more security levels at once without needling to split threads.

Wondering. Are there Railsers who use $SAFE?

I have an IRC bot that allows users to update modules and channel protection code. I trust them to admin my channel, but not to run arbitrary code on my computer.

$SAFE lets me run their code with a relative degree of safety.

I am least surprised that Continuation also captures $SAFE:

cont = nil
ret = callcc { |cont| nil }
if ret
  p $SAFE
  ret.call
end

$SAFE = 4

callcc &cont.method(:call)

I have tried it in the past and Rails got really mad at me.