Eval


 
# 1  
Old 04-24-2013
Eval

thank you

Last edited by ratnalein88; 05-06-2013 at 03:43 AM..
# 2  
Old 04-24-2013
Any substitution you haven't escaped with \ happens before you run eval, just as if you'd passed that string into anything else. Only after it does that, will it evaluate the string as raw shell syntax.

As an aside, eval is generally to be avoided.
# 3  
Old 04-24-2013
Out of curiosity, why is eval considered evil? The hits I find with an internet search are pretty much all java & perl, so what is a problem to ksh?

I try to avoid it, but there are occasions where I can't find another sensible way. I understand the cost of another process, especially if it's used in a loop, but is it dangerous?



Thanks, in advance,
Robin
# 4  
Old 04-24-2013
Quote:
Originally Posted by rbatte1
Out of curiosity, why is eval considered evil?
Because it will evaluate any shell syntax you put into it, even things you didn't intend it to.

Imagine your program prompts for a user name, and someone types in $(rm -Rf ~/). Then that variable gets fed into an eval...

It is very, very difficult to make eval secure from this. Not impossible, but very hard. Much doublethink is required.

Further, it's often used by beginning programmers as a bridge or shoehorn when they don't know a better way to solve a problem.

Last edited by Corona688; 04-24-2013 at 01:34 PM..
# 5  
Old 04-24-2013
I feel such a fool. Fortunately, I only use it to get an indirect variable or scheduled tasks reading in assignments from a parameter file that I control, which is a pretty rare need in itself.

Things such as:-
Code:
b=a
c=`eval echo $"{\`echo $b\`}"`

or
Code:
eval `grep "^GLOBAL:" $parmfile|cut -f2 -d":"`
eval `grep "^$JOBNAME:" $parmfile|cut -f2- -d":"`

.... where $parmfile contains statements such as:-
Code:
GLOBAL:COBRUN=cobrun
VALREP:VALREP.04146
QUOTES:COBRUN=qcobrun
VALUATION:export dd_REPORT=`grep "^VALREP:" $parmfile|cut -f2- -d":"`;echo dd_REPORT

I must admit that the parameter file is very closely guarded, but I agree it is susceptible to what you suggest.

I'm a little worried now...... Time to think a bit harder for older ksh. Any suggestions of a better way are very welcome.



Robin
# 6  
Old 04-24-2013
Quote:
Originally Posted by rbatte1
I feel such a fool. Fortunately, I only use it to get an indirect variable
In BASH, you can get an indirect variable via
Code:
NAME="VAR"
VAR="ASDF"
# ${!NAME} expands to the value of the variable whose name is stored in NAME
echo "${!NAME}"

This is a bash-only feature sadly, I used to think ksh93 had it too..

Quote:
...or scheduled tasks reading in assignments from a parameter file that I control, which is a pretty rare need in itself.
You can set arbitrary variable names with the read builtin, which will work in any shell. This trick works because read takes a variable name, not the variable itself.

Code:
VARNAME="ASDF"
read $VARNAME <<EOF
this contents get assigned to asdf
EOF

echo $ASDF

# 7  
Old 04-24-2013
Quote:
Originally Posted by rbatte1
Out of curiosity, why is eval considered evil? The hits I find with an internet search are pretty much all java & perl, so what is a problem to ksh?

I try to avoid it, but there are occasions where I can't find another sensible way. I understand the cost of another process, especially if it's used in a loop, but is it dangerous?



Thanks, in advance,
Robin
Hi Robin,
The eval command isn't evil, it is just dangerous to use it to evaluate any user supplied text. In a script, it can be used safely to evaluate commands when the command is entirely under the control of the script writer. For example to get the value of the last two command line arguments passed to a shell script, save the following in a file named last2:
Code:
#!/bin/ksh
echo "${0##*/} has been called with $# arguments."
# Braces make positions above 9 expand as one parameter (${10}, not $1 then 0).
if [ $# -gt 1 ]
then    eval lm1=\${$(($# - 1))}
else    lm1="There is only one argument."
fi
eval last=\${$#}
printf "The last two arguments are \"%s\" and \"%s\"\n" "$lm1" "$last"

and make it executable:
Code:
chmod +x last2

Then the command:
Code:
./last2 * '$(echo rm -rf ~loginID)'

will print:
Code:
last2 has been called with 9 arguments.
The last two arguments are "zebra" and "$(echo rm -rf ~loginID)"

if there are 7 files in the current directory and the last one (sorted alphabetically) is named zebra.

As Corona688 has already shown, if the script were then to use eval on the user supplied input stored in $last, the results could ruin the day for the user with the login name loginID!

Quote:
Originally Posted by Corona688
In BASH, you can get an indirect variable via
Code:
NAME="VAR"
VAR="ASDF"
# ${!NAME} expands to the value of the variable whose name is stored in NAME
echo "${!NAME}"

This is a bash-only feature sadly, I used to think ksh93 had it too..

...
Hi Corona688,
There are name reference variables in ksh93, but the syntax is different. In ksh you have to explicitly state that a variable is to be treated as a reference variable using either the nameref or the typeset -n command. They can be used as shown here:
Code:
#!/bin/ksh
set -xv
x=123
nameref y=x
echo $y
echo ${!y}
y=456
echo $x
typeset -n z=x
echo $z
z="hello world"
echo $x

which produces the following combined stdout and stderr output:
Code:
x=123
+ x=123
nameref y=x
+ y=x
+ typeset -n y
echo $y
+ echo 123
123
echo ${!y}
+ echo x
x
y=456
+ x=456
echo $x
+ echo 456
456
typeset -n z=x
+ z=x
+ typeset -n z
echo $z
+ echo 456
456
z="hello world"
+ x='hello world'
echo $x
+ echo hello world
hello world


Last edited by Don Cragun; 04-24-2013 at 06:01 PM.. Reason: Fix typos.
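
Added example, not part of any post in this thread: one way to load assignments from a parameter file like the one in post #5 without eval, combining a check on the variable name with the read trick from post #6. The helper names (make_sample, load_params, LP_REJECTED), the sample lines and the restriction to NAME=value lines are assumptions.

```sh
#!/bin/sh
# Constructed sample in the SECTION:NAME=value layout of the thread's parmfile.
make_sample() {
    cat <<'EOF'
GLOBAL:COBRUN=cobrun
GLOBAL:NOTE=$(echo INJECTED)
GLOBAL:bad name;id=1
QUOTES:COBRUN=qcobrun
EOF
}

# load_params FILE SECTION  (hypothetical helper)
# Assigns NAME=value for each "SECTION:NAME=value" line without eval.
# Sets LP_REJECTED to the number of refused lines; returns 1 if any.
load_params() {
    lp_file=$1; lp_section=$2; LP_REJECTED=0
    while IFS= read -r lp_line; do
        case $lp_line in
            "$lp_section":*) ;;      # a line for this section
            *) continue ;;           # another section: ignore
        esac
        lp_rest=${lp_line#*:}
        lp_name=${lp_rest%%=*}       # text before the first '='
        lp_value=${lp_rest#*=}       # text after it, kept as data
        case $lp_rest in
            *=*) ;;
            *) lp_name= ;;           # no '=' at all: not an assignment
        esac
        case $lp_name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                LP_REJECTED=$((LP_REJECTED + 1)); continue ;;
        esac
        # read takes a variable *name*; the here-document body is expanded
        # once and never re-parsed, so $(...) in the value stays literal.
        IFS= read -r "$lp_name" <<EOF
$lp_value
EOF
    done < "$lp_file"
    [ "$LP_REJECTED" -eq 0 ]
}

demo() {
    lp_tmp=$(mktemp) || return 1
    make_sample > "$lp_tmp"
    load_params "$lp_tmp" GLOBAL || echo "refused lines: $LP_REJECTED"
    rm -f "$lp_tmp"
    printf 'COBRUN=%s\nNOTE=%s\n' "$COBRUN" "$NOTE"
}
demo
```

A file that may set any name can still overwrite PATH, IFS or the loader's own lp_ variables, so compare the name against a list of expected names when the file is less trusted than the script.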