04-24-2013
Quote:
Originally Posted by rbatte1
Out of curiosity, why is eval considered evil.
Because it will evaluate any shell syntax you put into it, even things you didn't intend it to.
Imagine your program prompts for a user name, and someone types in $(rm -Rf ~/). Then that variable gets fed into an eval...
It is very, very difficult to make eval secure from this. Not impossible, but very hard. Much doublethink is required.
Further, it's often used by beginning programmers as a bridge or shoehorn when they don't know a better way to solve a problem.
Last edited by Corona688; 04-24-2013 at 01:34 PM..
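The scenario described in the post above, as an added example that is not part of the original post: a value fed into eval is parsed as shell syntax, shown beside a form where the same value stays data. The helper names (set_var_unsafe, set_var_safe, injected_by) are hypothetical, the hostile input is constructed, and a harmless touch of a marker file stands in for the command quoted in the post.

```shell
#!/bin/sh
# Added example. The hostile "user name" is constructed, and a harmless
# touch of a marker file stands in for the destructive command in the post.
DEMO_DIR=$(mktemp -d) || exit 1
MARKER=$DEMO_DIR/ran
trap 'rm -rf "$DEMO_DIR"' EXIT

# Vulnerable (hypothetical helper): the value is pasted into the string that
# eval parses, so any $(...) or `...` inside it runs as a command.
set_var_unsafe() {
    eval "$1=$2"
}

# Hardened (hypothetical helper): the variable name must be a plain
# identifier, and the value is written as \$2 so eval parses the two
# characters "$2" and never the contents of the value.
set_var_safe() {
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    eval "$1=\$2"
}

# Returns 0 if storing the hostile value through helper $1 ran its payload.
injected_by() {
    rm -f "$MARKER"
    "$1" user_name '$(touch "$MARKER")' || return 2
    [ -e "$MARKER" ]
}

for fn in set_var_unsafe set_var_safe; do
    if injected_by "$fn"; then
        echo "$fn: the typed-in command ran"
    else
        echo "$fn: input stored as data"
    fi
done
```

When the variable name is fixed in the script, a plain assignment such as user_name=$input needs no eval at all.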
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi,
Is there any way that I can eval the following -
eval abc.csv=def.csv
I am getting the - bash: command not found error.
thanks. (3 Replies)
Discussion started by: ttshell
3 Replies
2. Shell Programming and Scripting
Hi All,
I'm running some encrypted data through a script I wrote. In order to do this, I'm using eval to resolve some of my variables. At the moment, when I use eval to resolve, it strips out some of my encrypted values, and totally drops some others. For example if I have the value ab1"3 it drops... (1 Reply)
Discussion started by: Khoomfire
1 Replies
3. Shell Programming and Scripting
Hi, I have two files "foo" and "bar"
$ cat foo
a is \$a and b is \$b
$ cat bar
car tree
using the below 'while' loop I expect the output to be: a is car and b is tree
while read a b; do
eval echo $(cat foo) # o/p: a is $a and b is $b
eval "echo $(eval "cat foo")"... (1 Reply)
Discussion started by: royalibrahim
1 Replies
4. UNIX for Advanced & Expert Users
Hi,
I have snippet like the following
x="1"
prompt1="hi"
if I say
eval echo \$prompt$x then it is giving o/p "hi"
if I say `eval echo \$prompt$x` here it is giving 1 !
if I add one more escape character i.e.
`eval echo \\$prompt$x` then it is giving "hi"
Can you please... (3 Replies)
Discussion started by: shahnazurs
3 Replies
5. Shell Programming and Scripting
I am trying to expand the variable $user in my alias command and tried
several variations of eval but can't seem to get it to work.
The end result should be either:
oracle_user='sudo su - oracle ' or oracle_user='sudo su - oracle1 '
user=$(grep '^oracle:' /etc/passwd | cut... (5 Replies)
Discussion started by: BeefStu
5 Replies
6. Shell Programming and Scripting
Hi all,
I am trying to add some code to a ksh script and I don't understand how an eval function is used:
_var=$1
_conceal=$2
eval _val=\$${_var}
Can someone shed some light on what the eval function in the above context means/does?
Thanks. (4 Replies)
Discussion started by: cesarNZ
4 Replies
7. Shell Programming and Scripting
Hi all,
Some small script with eval drove me crazy.
My OS is Linux
Linux s10-1310 2.6.16.53-0.8.PTF.434477.3.TDC.0-smp #1 SMP Fri Aug 31 06:07:27 PDT 2007 x86_64 x86_64 x86_64 GNU/Linux
The below script works well
#!/bin/bash
eval ssh remotehost date
eval ssh remotehost ls
below... (1 Reply)
Discussion started by: summer_cherry
1 Replies
8. Shell Programming and Scripting
Hello All,
Since my variables are nested I use eval to populate the data.
I have an ambiguity here when eval is used along with &
Say I have the below variable
url="www.unix.com", this comes from a function call as an argument.
I want to take this into another variable say... (6 Replies)
Discussion started by: sathyaonnuix
6 Replies
9. Shell Programming and Scripting
Does anyone have any info on why this is complaining?
vivek@vivek-c5e55ef2e ~/TAC
$ zoneCounter=1
vivek@vivek-c5e55ef2e ~/TAC
$ optUsage1=23%
vivek@vivek-c5e55ef2e ~/TAC
$ eval eval echo "<th>Zone $zoneCounter </th><th align=\"left\"> \$optUsage$zoneCounter </th>"
-bash: syntax error... (1 Reply)
Discussion started by: vivek d r
1 Replies
10. Shell Programming and Scripting
Does anyone have any info on why this is complaining?
vivek@vivek-c5e55ef2e ~/TAC
$ zoneCounter=1
vivek@vivek-c5e55ef2e ~/TAC
$ optUsage1=23%
vivek@vivek-c5e55ef2e ~/TAC
$ eval eval echo "<th>Zone $zoneCounter </th><th align=\"left\"> \$optUsage$zoneCounter </th>"
-bash: syntax error... (13 Replies)
Discussion started by: vivek d r
13 Replies
Padre::Task::Eval(3pm) User Contributed Perl Documentation Padre::Task::Eval(3pm)
NAME
Padre::Task::Eval - Task for executing arbitrary code via a string eval
SYNOPSIS
my $task = Padre::Task::Eval->new(
    prepare => '1 + 1',
    run     => 'my $foo = sub { 2 + 3 }; $foo->();',
    finish  => '$_[0]->{prepare}',
);
$task->prepare;
$task->run;
$task->finish;
DESCRIPTION
Padre::Task::Eval is a stub class used to implement testing and other miscellaneous functionality.
It takes three named string parameters matching each of the three execution phases. When each phase of the task is run, the string will be eval'ed and the result will be stored in the same hash key as the source string.
If the key does not exist at all, nothing will be executed for that phase.
Regardless of the execution result (or the non-execution of the phase) each phase will always return true. However, if the string eval throws an exception it will escape the task object (although when run properly inside of a task handle it should be caught by the handle).
METHODS
This class contains no additional methods beyond the defaults provided by the Padre::Task API.
COPYRIGHT & LICENSE
Copyright 2008-2012 The Padre development team as listed in Padre.pm.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
The full text of the license can be found in the LICENSE file included with this module.
perl v5.14.2 2012-06-27 Padre::Task::Eval(3pm)