Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Eval
Top Forums Shell Programming and Scripting Eval Post 302798443 by Corona688 on Wednesday 24th of April 2013 12:21:05 PM
Old 04-24-2013
Quote:
Originally Posted by rbatte1
Out of curiosity, why is eval considered evil Smilie.
Because it will evaluate any shell syntax you put into it, even things you didn't intend it to.

Imagine your program prompts for a user name, and someone types in $(rm -Rf ~/). Then that variable gets fed into an eval...

It is very, very difficult to make eval secure from this. Not impossible, but very hard. Much doublethink is required.

Further, it's often used by beginning programmers as a bridge or shoehorn when they don't know a better way to solve a problem.
Last edited by Corona688; 04-24-2013 at 01:34 PM..
This User Gave Thanks to Corona688 For This Post:
rbatte1
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

eval a variable that has a .

Hi, Is there any way that I can eval the following - eval abc.csv=def.csv I am getting the - bash: command not found error. thanks. (3 Replies)
Discussion started by: ttshell
3 Replies

2. Shell Programming and Scripting

EVal

Hi All, I'm running some encrypted data through a script I wrote. In order to do this, I'm using eval to resolve some of my variables. At the moment, when I use eval to resolve, it strips out some of my encrypted values, and totally drops some others. For example if I have the value ab1"3 it drops... (1 Reply)
Discussion started by: Khoomfire
1 Replies

3. Shell Programming and Scripting

eval misconception

Hi, I have two files "foo" and "bar" $ cat foo a is \$a and b is \$b $ cat bar car tree using the below 'while' loop I expect the output to be: a is car and b is tree while read a b; do eval echo $(cat foo) # o/p: a is $a and b is $b eval "echo $(eval "cat foo")"... (1 Reply)
Discussion started by: royalibrahim
1 Replies

4. UNIX for Advanced & Expert Users

eval behaviour

Hi, I have snippet like the following x="1" prompt1="hi" if I say eval echo \$prompt$x then it is giving o/p "hi" if I say `eval echo \$prompt$x` here it is giving 1 ! if I add one more escape character i.e. `eval echo \\$prompt$x` then it is giving "hi" Can you please... (3 Replies)
Discussion started by: shahnazurs
3 Replies

5. Shell Programming and Scripting

eval help

I am trying to expand the variable $user in my alias command and tried several variations of eval but can't seem to get it to work. The end result should be either: oracle_user='sudo su - oracle ' or oracle_user='sudo su - oracle1 ' user=$(grep '^oracle:' /etc/passwd | cut... (5 Replies)
Discussion started by: BeefStu
5 Replies

6. Shell Programming and Scripting

eval

hi all, Am trying to add some code to a ksh script and i dont understand how an eval function is used : _var=$1 _conceal=$2 eval _val=\$${_var} can someone shed some light on what the eval function in the above context means/does ?? thanks. (4 Replies)
Discussion started by: cesarNZ
4 Replies

7. Shell Programming and Scripting

Strange result of eval, how does eval really work with ssh?

Hi all, some small script with eval turned me to crazy. my OS is linux Linux s10-1310 2.6.16.53-0.8.PTF.434477.3.TDC.0-smp #1 SMP Fri Aug 31 06:07:27 PDT 2007 x86_64 x86_64 x86_64 GNU/Linux below script works well #!/bin/bash eval ssh remotehost date eval ssh remotehost ls below... (1 Reply)
Discussion started by: summer_cherry
1 Replies

8. Shell Programming and Scripting

Help on eval please

Hello All, Since my variables are nested I use eval to populate the data. I have an ambiguity here when eval is used along with & say I have the below variable url="www.unix.com" , this come from function call as argument. I want to take this into another variable say... (6 Replies)
Discussion started by: sathyaonnuix
6 Replies

9. Shell Programming and Scripting

Error in eval eval command to print html tags

anyone has any info on why this is complaining??? vivek@vivek-c5e55ef2e ~/TAC $ zoneCounter=1 vivek@vivek-c5e55ef2e ~/TAC $ optUsage1=23% vivek@vivek-c5e55ef2e ~/TAC $ eval eval echo "<th>Zone $zoneCounter </th><th align=\"left\"> \$optUsage$zoneCounter </th>" -bash: syntax error... (1 Reply)
Discussion started by: vivek d r
1 Replies

10. Shell Programming and Scripting

Error in eval eval command to print html tags

anyone has any info on why this is complaining??? vivek@vivek-c5e55ef2e ~/TAC $ zoneCounter=1 vivek@vivek-c5e55ef2e ~/TAC $ optUsage1=23% vivek@vivek-c5e55ef2e ~/TAC $ eval eval echo "<th>Zone $zoneCounter </th><th align=\"left\"> \$optUsage$zoneCounter </th>" -bash: syntax error... (13 Replies)
Discussion started by: vivek d r
13 Replies

LEARN ABOUT FREEBSD

atf-sh

ATF-SH(1)						    BSD General Commands Manual 						 ATF-SH(1)

NAME

     atf-sh [-s shell] -- interpreter for shell-based test programs

SYNOPSIS

     atf-sh script

DESCRIPTION

     atf-sh is an interpreter that runs the test program given in script after loading the atf-sh(3) library.

     atf-sh is not a real interpreter though: it is just a wrapper around the system-wide shell defined by ATF_SHELL.  atf-sh executes the inter-
     preter, loads the atf-sh(3) library and then runs the script.  You must consider atf-sh to be a POSIX shell by default and thus should not
     use any non-standard extensions.

     The following options are available:

     -s shell	  Specifies the shell to use instead of the value provided by ATF_SHELL.

ENVIRONMENT

     ATF_LIBEXECDIR    Overrides the builtin directory where atf-sh is located.  Should not be overridden other than for testing purposes.
     ATF_PKGDATADIR    Overrides the builtin directory where libatf-sh.subr is located.  Should not be overridden other than for testing purposes.
     ATF_SHELL	       Path to the system shell to be used in the generated scripts.  Scripts must not rely on this variable being set to select a
		       specific interpreter.

EXAMPLES

     Scripts using atf-sh(3) should start with:

	   #! /usr/bin/env atf-sh

     Alternatively, if you want to explicitly choose a shell interpreter, you cannot rely on env(1) to find atf-sh.  Instead, you have to hardcode
     the path to atf-sh in the script and then use the -s option afterwards as a single parameter:

	   #! /path/to/bin/atf-sh -s/bin/bash

ENVIRONMENT

     ATF_SHELL	  Path to the system shell to be used in the generated scripts.

SEE ALSO

     atf-sh(3)

BSD
								September 27, 2014							       BSD
All times are GMT -4. The time now is 11:13 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy