04-24-2013
Quote:
Originally Posted by rbatte1
Out of curiosity, why is eval considered evil.
Because it will evaluate any shell syntax you put into it, even things you didn't intend it to.
Imagine your program prompts for a user name, and someone types in $(rm -Rf ~/). Then that variable gets fed into an eval...
It is very, very difficult to make eval secure from this. Not impossible, but very hard. Much doublethink is required.
Further, it's often used by beginning programmers as a bridge or shoehorn when they don't know a better way to solve a problem.
Last edited by Corona688; 04-24-2013 at 01:34 PM..
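The failure described in the post above, shown as an added example that is not part of the original thread: the same hostile "user name" is stored through eval, through a plain assignment, and through a name-validated setter. The function names and the marker-file payload are constructed for this demo; the payload only touches a file in a private temp directory so the script can tell whether the shell executed it.

```shell
#!/bin/sh
# Constructed demo. The hostile "user name" only creates a marker file in a
# private temp dir, so the script can tell whether the shell executed it.
DEMO_DIR=$(mktemp -d)
MARKER="$DEMO_DIR/injected"
trap 'rm -rf "$DEMO_DIR"' EXIT
HOSTILE='$(touch "$MARKER")'   # single quotes: stored as literal text

# Unsafe: eval re-parses the value as shell syntax, so $(...) runs.
store_unsafe() {
    eval "username=$1"
}

# Safe: a plain assignment copies the bytes and never re-parses them.
store_safe() {
    username=$1
}

# When the variable *name* must be dynamic: validate the name, and hand eval
# a reference to the value (\$2) instead of the value itself.
set_var() {
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    eval "$1=\$2"
}

# Reports "executed" if the marker exists, "inert" otherwise, then resets it.
check_marker() {
    if [ -e "$MARKER" ]; then verdict=executed; else verdict=inert; fi
    rm -f "$MARKER"
    echo "$verdict"
}

store_unsafe "$HOSTILE"
echo "eval on raw input:       $(check_marker)"
store_safe "$HOSTILE"
echo "plain assignment:        $(check_marker)"
set_var greeting "$HOSTILE"
echo "set_var (name checked):  $(check_marker)"
```

Only the first line reports "executed"; in the other two cases the input stays a literal string in the variable.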
eval(1T) Tcl Built-In Commands eval(1T)
NAME
eval - Evaluate a Tcl script
SYNOPSIS
eval arg ?arg ...?
DESCRIPTION
Eval takes one or more arguments, which together comprise a Tcl script containing one or more commands. Eval concatenates all its arguments in the same fashion as the concat command, passes the concatenated string to the Tcl interpreter recursively, and returns the result of that evaluation (or any error generated by it). Note that the list command quotes sequences of words in such a way that they are not further expanded by the eval command.
EXAMPLE
This procedure acts in a way that is analogous to the lappend command, except it inserts the argument values at the start of the list in
the variable:
    proc lprepend {varName args} {
        upvar 1 $varName var
        # Ensure that the variable exists and contains a list
        lappend var
        # Now we insert all the arguments in one go
        set var [eval [list linsert $var 0] $args]
    }
KEYWORDS
concatenate, evaluate, script
SEE ALSO
catch(1T), concat(1T), error(1T), list(1T), subst(1T), tclvars(1T)
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Availability | SUNWTcl |
+--------------------+-----------------+
|Interface Stability | Uncommitted |
+--------------------+-----------------+
NOTES
Source for Tcl is available on http://opensolaris.org.
Tcl eval(1T)