Augh. It worked in the testbed.
Try this variation:
Couldn't quite get anything to execute in this version
Spoke too soon:
str = "
c1 = Class.new(String) { |c|
def class
puts `ruby -v`
String
end
}
e = c1.new 'xx'
def e.to_s; self; end
def e.class; `ruby -v`; end
e
"
Will output:
ruby 1.8.2 (2004-07-29) [i386-mswin32]
xx
Made it!
Hope this thread managed to convince you that running code received
from
users (or otherwise untrusted) is always a Bad Thing(tm).
Which just reinforces my point above 