in reply to Is there such a thing as safe eval?

Yes, it exists! Use the Safe module.

Here's an example of how to do that:

use Safe ;

my $PACK = new Safe ;

$PACK->deny(qw(
  wantarray vec warn
  grepstart grepwhile mapstart mapwhile enteriter iter enterloop leaveloop
  unstack last next redo goto
  readline rcatline getc read formline enterwrite leavewrite print
  sysread syswrite send recv eof tell seek sysseek
  readdir telldir seekdir rewinddir
  bless sprintf prtf crypt tie untie dbmopen dbmclose sselect select
  pipe_op sockpair getppid getpgrp setpgrp getpriority setpriority
  localtime gmtime
  rand srand atan2 sin cos exp log sqrt
  reset chroot syscall dump exit die warn fork lock threadsv
)) ;

## I use select to turn off output:
my $sel = select(NULL) ;

$PACK->reval(q`
  ## your code that needs to be safe....
`) ;

## select again the previous output:
select($sel) ;

Note that I use this to get a HASH from inside a .txt file, and to avoid extra functions that don't represent the declaration of a HASH. Then you need to check $PACK->deny and see which operators you really want to avoid.

Graciliano M. P.
"The creativity is the expression of the liberty".

Re: Re: Is there such a thing as safe eval?
by bobn (Chaplain) on May 11, 2003 at 18:33 UTC
    As others have noted in this thread, common security usage of a filtering tool is to permit only that which is known good and deny all else, e.g.:

    use Safe ;
    my $PACK = new Safe ;
    $PACK->permit_only(
        # good ops here
    ) ;
    Bob Niederman, http://bob-n.com
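
An allow-list version of the "hash from a .txt file" use case discussed in this thread, as an added example (not code from either poster). The names `load_hash` and `@ALLOWED_OPS`, the choice of opcode tags and the two sample inputs are assumptions constructed for illustration; trim the list further for your own data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Allow list built from Opcode's :base_core and :base_mem tags, which leave out
# the :base_io and :base_loop ops and every file, socket and process op.
# padany/padsv are added on the assumption that Safe::reval declares a lexical
# in front of the evaluated text (current Safe releases do); refgen/srefgen are
# for older perls that wrap [...] and {...} constructors in a reference op.
my @ALLOWED_OPS = qw(:base_core :base_mem padany padsv refgen srefgen);

# Evaluate $text in a fresh compartment and return a hash reference.
# Dies if the text uses any op outside the allow list or is not key/value data.
sub load_hash {
    my ($text) = @_;

    my $cpt = Safe->new;
    $cpt->permit_only(@ALLOWED_OPS);

    # List context: the text is expected to be "( key => value, ... )".
    my @pairs = $cpt->reval($text);
    die "rejected: $@" if $@;
    die "rejected: odd number of elements\n" if @pairs % 2;

    return {@pairs};
}

# Constructed sample inputs standing in for the contents of the .txt file.
my %samples = (
    good => "( name => 'demo', ports => [ 80, 443 ], debug => 0 )",
    bad  => "( name => 'demo', parent => getppid() )",
);

for my $label (sort keys %samples) {
    my $hash = eval { load_hash($samples{$label}) };
    if ($hash) {
        printf "%s: accepted, keys = %s\n", $label, join(',', sort keys %$hash);
    }
    else {
        print "$label: $@";
    }
}
```

An op outside the list is refused when the text is compiled, so nothing in a rejected file runs; `$@` names the trapped operation.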