in reply to Re: Untaint a string match, regular expression.
in thread Untaint a string match, regular expression.

:) it pretty much does that by default :)
$ perl -e" my $re = shift; 1 =~ /$re/; " "(??{die666})"
Eval-group not allowed at runtime, use re 'eval' in regex m/(??{die666})/ at -e line 1.

Re^3: Untaint a string match, regular expression.
by BrowserUk (Patriarch) on May 18, 2015 at 00:28 UTC

    But that is rather easily bypassed:

    C:\Users\HomeAdmin>set PERL5OPT=-Mre=eval
    C:\Users\HomeAdmin>perl -e" my $re = shift; 1 =~ /$re/; " "(?{die666})"
    C:\Users\HomeAdmin>

    I agree that anything the user could supply the OP's program with from the command line, they could equally just supply to perl directly via the command line; but that's partly why I phrased my response the way I did, i.e. trying to tease out exactly what the OP's concerns are.

    For example, perhaps the arguments that will be supplied to the OP's program originate from a web page interface accessible to 'external' users.


    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority". I'm with torvalds on this
    In the absence of evidence, opinion is indistinguishable from prejudice. Agile (and TDD) debunked
      *giggle* and also easily unbypassed
      $ perl -le"use re 'eval'; no re 'eval'; my $re=shift; 1=~/$re/;" "(??{die666})"
      Eval-group not allowed at runtime, use re 'eval' in regex m/(??{die666})/ at -e line 1.

      If the user has command line access, then I see no reason for stopping them from running perl code. A good starting point is "originate from a web page interface accessible to 'external' users." The question I asked was about untainting, thus for any and all reasons one should want to untaint a string to be used to match against another string; this would include, but not be limited to, the above.

      In this case, a Nagios module, the nrpe, could be configured to allow argument passing. This gives the remote monitoring server the ability to specify any string, and it may not have command line access.
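      One way to turn the `no re 'eval'` trick from this sub-thread into a reusable check, as an added example that is not code from any poster in the thread: the user pattern is compiled inside a lexical `no re 'eval'` scope, so a global PERL5OPT=-Mre=eval does not re-enable runtime code blocks. The pattern strings and the NRPE-style subject line are constructed for the demonstration; `compile_user_pattern` is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example (not from the thread): compile a user-supplied pattern with
# `no re 'eval'` in lexical scope, so runtime code blocks such as (?{ ... })
# and (??{ ... }) are rejected even if the process was started with
# PERL5OPT=-Mre=eval. Inputs below are constructed, not real NRPE data.
use strict;
use warnings;

# Returns (qr-object, undef) on success, or (undef, error-message) on failure.
sub compile_user_pattern {
    my ($pat) = @_;
    my $qr = eval {
        no re 'eval';          # lexical; wins over a global -Mre=eval
        qr/$pat/;
    };
    return ($qr, undef) if defined $qr;
    my $err = $@ || 'unknown error';
    $err =~ s/ at \S+ line \d+\.?\n?\z//;   # drop the "at FILE line N." suffix
    return (undef, $err);
}

# Constructed inputs: one benign pattern, one carrying an embedded code block.
my @tests = (
    ['^CRITICAL: disk /var', 'CRITICAL: disk /var at 95%'],
    ['(??{ die 666 })',      'anything'],
);

for my $t (@tests) {
    my ($pat, $subject) = @$t;
    my ($qr, $err) = compile_user_pattern($pat);
    if (!$qr) {
        print "rejected pattern '$pat': $err\n";
        next;
    }
    printf "pattern '%s' %s '%s'\n", $pat,
        ($subject =~ $qr ? 'matches' : 'does not match'), $subject;
}
```

      The second pattern is rejected with "Eval-group not allowed at runtime, use re 'eval'" before any match is attempted; the first compiles and matches normally.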