Not just $SAFE, but damn $SAFE

Augh. It worked in the testbed.
Try this variation:

Couldn't quite get anything to execute in this version (I actually
solved my own hack yesterday after posting - by adding remove_method
:class just before you include Safe).
But that just means I couldn't hack it, not that it's not breakable.

All that said, I can always be annoying if I wish - watch your machines
memory and cpu when fed this:

str = "x = ; 0.upto(1.0/0) { x << Class.new }"

Hope this thread managed to convince you that running code received from
users (or otherwise untrusted) is always a Bad Thing(tm).

All that said, I can always be annoying if I wish - watch your machines
memory and cpu when fed this:

str = "x = ; 0.upto(1.0/0) { x << Class.new }"

Hope this thread managed to convince you that running code received from
users (or otherwise untrusted) is always a Bad Thing(tm).

You get five seconds. Then we kill your thread.

symbol memory exhaustion is one unsolved issue, though.