in reply to Re: tf - tail a file and output separator line when inactive
in thread tf - tail a file and output separator line when inactive

use re 'eval'; would remove the error, but using it would defy taint checking.

Re^3: tf - tail a file and output separator line when inactive
by Hue-Bond (Priest) on Jul 18, 2006 at 17:38 UTC

    My point is precisely that there's no way of running arbitrary code even when the regex isn't being checked or cleaned. Of course, the user running this will often be root so this is only an issue if the script is somehow made setuid. I only pointed it out to avoid the typical subthread about "Your usage of /$regex/ is insecure!".

    --
    David Serrano

      Sorry, I had misunderstood. Had I understood your point, I would have said:

      Indeed, without use re 'eval';, regexps won't knowingly run Perl code in interpolated variables. However, it's still possible to write very expensive regexps and (I think) to crash Perl. I don't know if a crash can be exploited to execute native code.
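
An added example, not posted by anyone in this thread and not taken from the tf script: it shows the behaviour discussed above, where a pattern interpolated at run time is refused if it contains a code block and use re 'eval' is not in scope. The helper name compile_user_pattern and the sample patterns are assumptions made up for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the tf script): compile a pattern that
# arrived as a string at run time, e.g. from @ARGV. Without "use re 'eval'"
# in scope, Perl refuses to compile interpolated (?{ ... }) and (??{ ... })
# groups, so the embedded code never runs.
sub compile_user_pattern {
    my ($src) = @_;
    my $re = eval { qr/$src/ };
    return defined $re ? ($re, '') : (undef, $@);
}

# Constructed sample inputs.
my @patterns = (
    'error|fail',                   # ordinary pattern
    '(?{ print "code ran\n" })',    # code block: rejected at compile time
    '(??{ "x" })',                  # postponed-regex block: also rejected
    '(unclosed',                    # plain syntax error, caught the same way
);

for my $src (@patterns) {
    my ($re, $err) = compile_user_pattern($src);
    if ($re) {
        my $hit = "disk error on sda" =~ $re ? 'match' : 'no match';
        print "accepted  $src  ($hit)\n";
    }
    else {
        $err =~ s/ at \S+ line \d+\.?\s*\z//;    # trim "at FILE line N."
        print "rejected  $src\n          $err\n";
    }
}

# This only covers embedded code. It puts no bound on how long an accepted
# pattern may take to match, which is the "very expensive regexps" concern.
```

The two code-block patterns are rejected with Perl's "Eval-group not allowed at runtime" error, and "code ran" is never printed.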

Re^3: tf - tail a file and output separator line when inactive
by Aristotle (Chancellor) on Jul 18, 2006 at 18:31 UTC

    using it would defy taint checking.

    You mean “defeat” – unless you want to say that the code will doggedly refuse to be taint-checked. :-)

    Makeshifts last the longest.