I didn't use RestrictPython. I did manage to patch the __subclasses__() escape with a hack. if only I can patch the exceptions traceback too I think it will be good enough :)

edit: here are my silly little patches: https://github.com/hananbeer/cpython-toy-sandbox/commit/fa3f...

this is of course assuming exec(globals={..}) without certain builtins and is, again, not expected to use system apis like files or sockets or anything.