Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Eval
Top Forums Shell Programming and Scripting Eval Post 302798443 by Corona688 on Wednesday 24th of April 2013 12:21:05 PM
Old 04-24-2013
Quote:
Originally Posted by rbatte1
Out of curiosity, why is eval considered evil Smilie.
Because it will evaluate any shell syntax you put into it, even things you didn't intend it to.

Imagine your program prompts for a user name, and someone types in $(rm -Rf ~/). Then that variable gets fed into an eval...

It is very, very difficult to make eval secure from this. Not impossible, but very hard. Much doublethink is required.

Further, it's often used by beginning programmers as a bridge or shoehorn when they don't know a better way to solve a problem.
Last edited by Corona688; 04-24-2013 at 01:34 PM..
This User Gave Thanks to Corona688 For This Post:
rbatte1
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

eval a variable that has a .

Hi, Is there any way that I can eval the following - eval abc.csv=def.csv I am getting the - bash: command not found error. thanks. (3 Replies)
Discussion started by: ttshell
3 Replies

2. Shell Programming and Scripting

EVal

Hi All, I'm running some encrypted data through a script I wrote. In order to do this, I'm using eval to resolve some of my variables. At the moment, when I use eval to resolve, it strips out some of my encrypted values, and totally drops some others. For example if I have the value ab1"3 it drops... (1 Reply)
Discussion started by: Khoomfire
1 Replies

3. Shell Programming and Scripting

eval misconception

Hi, I have two files "foo" and "bar" $ cat foo a is \$a and b is \$b $ cat bar car tree using the below 'while' loop I expect the output to be: a is car and b is tree while read a b; do eval echo $(cat foo) # o/p: a is $a and b is $b eval "echo $(eval "cat foo")"... (1 Reply)
Discussion started by: royalibrahim
1 Replies

4. UNIX for Advanced & Expert Users

eval behaviour

Hi, I have snippet like the following x="1" prompt1="hi" if I say eval echo \$prompt$x then it is giving o/p "hi" if I say `eval echo \$prompt$x` here it is giving 1 ! if I add one more escape character i.e. `eval echo \\$prompt$x` then it is giving "hi" Can you please... (3 Replies)
Discussion started by: shahnazurs
3 Replies

5. Shell Programming and Scripting

eval help

I am trying to expand the variable $user in my alias command and tried several variations of eval but can't seem to get it to work. The end result should be either: oracle_user='sudo su - oracle ' or oracle_user='sudo su - oracle1 ' user=$(grep '^oracle:' /etc/passwd | cut... (5 Replies)
Discussion started by: BeefStu
5 Replies

6. Shell Programming and Scripting

eval

hi all, Am trying to add some code to a ksh script and i dont understand how an eval function is used : _var=$1 _conceal=$2 eval _val=\$${_var} can someone shed some light on what the eval function in the above context means/does ?? thanks. (4 Replies)
Discussion started by: cesarNZ
4 Replies

7. Shell Programming and Scripting

Strange result of eval, how does eval really work with ssh?

Hi all, some small script with eval turned me to crazy. my OS is linux Linux s10-1310 2.6.16.53-0.8.PTF.434477.3.TDC.0-smp #1 SMP Fri Aug 31 06:07:27 PDT 2007 x86_64 x86_64 x86_64 GNU/Linux below script works well #!/bin/bash eval ssh remotehost date eval ssh remotehost ls below... (1 Reply)
Discussion started by: summer_cherry
1 Replies

8. Shell Programming and Scripting

Help on eval please

Hello All, Since my variables are nested I use eval to populate the data. I have an ambiguity here when eval is used along with & say I have the below variable url="www.unix.com" , this come from function call as argument. I want to take this into another variable say... (6 Replies)
Discussion started by: sathyaonnuix
6 Replies

9. Shell Programming and Scripting

Error in eval eval command to print html tags

anyone has any info on why this is complaining??? vivek@vivek-c5e55ef2e ~/TAC $ zoneCounter=1 vivek@vivek-c5e55ef2e ~/TAC $ optUsage1=23% vivek@vivek-c5e55ef2e ~/TAC $ eval eval echo "<th>Zone $zoneCounter </th><th align=\"left\"> \$optUsage$zoneCounter </th>" -bash: syntax error... (1 Reply)
Discussion started by: vivek d r
1 Replies

10. Shell Programming and Scripting

Error in eval eval command to print html tags

anyone has any info on why this is complaining??? vivek@vivek-c5e55ef2e ~/TAC $ zoneCounter=1 vivek@vivek-c5e55ef2e ~/TAC $ optUsage1=23% vivek@vivek-c5e55ef2e ~/TAC $ eval eval echo "<th>Zone $zoneCounter </th><th align=\"left\"> \$optUsage$zoneCounter </th>" -bash: syntax error... (13 Replies)
Discussion started by: vivek d r
13 Replies

LEARN ABOUT DEBIAN

eval

eval(3tcl)						       Tcl Built-In Commands							eval(3tcl)

__________________________________________________________________________________________________________________________________________________

NAME

       eval - Evaluate a Tcl script

SYNOPSIS

       eval arg ?arg ...?
_________________________________________________________________

DESCRIPTION

       Eval  takes  one  or more arguments, which together comprise a Tcl script containing one or more commands.  Eval concatenates all its argu-
       ments in the same fashion as the concat command, passes the concatenated string to the Tcl interpreter recursively, and returns the  result
       of  that  evaluation  (or any error generated by it).  Note that the list command quotes sequences of words in such a way that they are not
       further expanded by the eval command.

EXAMPLES

       Often, it is useful to store a fragment of a script in a variable and execute it later on with extra values  appended.  This  technique	is
       used  in  a  number of places throughout the Tcl core (e.g. in fcopy, lsort and trace command callbacks). This example shows how to do this
       using core Tcl commands:
	      set script {
		  puts "logging now"
		  lappend $myCurrentLogVar
	      }
	      set myCurrentLogVar log1
	      # Set up a switch of logging variable part way through!
	      after 20000 set myCurrentLogVar log2

	      for {set i 0} {$i<10} {incr i} {
		  # Introduce a random delay
		  after [expr {int(5000 * rand())}]
		  update    ;# Check for the asynch log switch
		  eval $script $i [clock clicks]
	      }

       Note that in the most common case (where the script fragment is actually just a list of words forming a command prefix), it  is	better	to |
       use  {*}$script	when  doing this sort of invocation pattern.  It is less general than the eval command, and hence easier to make robust in |
       practice.  The following procedure acts in a way that is analogous to the lappend command, except it inserts the  argument  values  at  the
       start of the list in the variable:
	      proc lprepend {varName args} {
		 upvar 1 $varName var
		 # Ensure that the variable exists and contains a list
		 lappend var
		 # Now we insert all the arguments in one go
		 set var [eval [list linsert $var 0] $args]
	      }
       However, the last line would now normally be written without eval, like this:								   |
	      set var [linsert $var 0 {*}$args] 												   |

SEE ALSO

       catch(3tcl), concat(3tcl), error(3tcl), interp(3tcl), list(3tcl), namespace(3tcl), subst(3tcl), tclvars(3tcl), uplevel(3tcl)

KEYWORDS

       concatenate, evaluate, script

Tcl																	eval(3tcl)
All times are GMT -4. The time now is 09:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy