in reply to Re^2: trouble with packages/eval/variable-scoping
in thread trouble with packages/eval/variable-scoping

Where in the OP's post do you see that it's an open config file accessible by others?

Trouble is, it's not just "others" that you have to worry about. In your config file it is your own typos, etc. Config files should be parsed, not executed. And if for some odd reason they must be executed, do it at compile time. And if for some other reason you have to do it at run-time then you'd better be using taint mode.


🦛

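As an added illustration of hippo's "parsed, not executed" point (example code written for this thread, not the OP's program; the two config texts are made up for the demo and the key/value format is just one assumed parser):

```perl
#!/usr/bin/perl
# Added example (not code from this thread or from the OP): the same
# three settings loaded two ways. The config texts are constructed here
# for the demo; in real life they would be read from a file.
use strict;
use warnings;

# 1. Config written as Perl, as the OP's eval approach implies. The
#    third line looks like a value but the backticks make it a shell
#    command. `hostname` is harmless; `rm -rf ~` would run just as well.
my $perl_config = <<'END_PERL';
$name = "demo";
$port = 8080;
$host = `hostname`;
END_PERL

# 2. The same settings as plain key = value lines for a parser
#    (assumed format for this demo).
my $plain_config = <<'END_PLAIN';
# comment lines and blanks are ignored
name = demo
port = 8080
host = `hostname`
END_PLAIN

# Executing the config: whatever it says is run with the program's
# privileges. A typo is a syntax error at best and a command at worst.
sub load_by_eval {
    my ($text) = @_;
    our ($name, $port, $host);   # package globals the config assigns to
    eval $text;
    die "config eval failed: $@" if $@;
    return { name => $name, port => $port, host => $host };
}

# Parsing the config: only 'key = value' with a whitelisted value
# character set is accepted; anything else is an error, never code.
sub load_by_parsing {
    my ($text) = @_;
    my %cfg;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:#|$)/;
        my ($key, $value) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "malformed config line: '$line'\n";
        $value =~ /^[\w.\/:-]*$/
            or die "bad value for '$key': '$value'\n";
        $cfg{$key} = $value;
    }
    return \%cfg;
}

# The parser refuses the backtick line instead of running it.
my $parsed = eval { load_by_parsing($plain_config) };
print "parsed:   ", ($parsed ? "ok\n" : "rejected, $@");

# Under 'perl -T' with config text that came from a file (and so is
# tainted), the eval dies with "Insecure dependency in eval". The
# substr() trick taints the literal so -T behaves the same in this demo.
$perl_config .= substr($ENV{PATH} // '', 0, 0);
my $executed = load_by_eval($perl_config);
print "executed: host = $executed->{host}";   # output of the shell command
```

Run it as `perl demo.pl` and the eval'd config quietly runs `hostname` while the parser rejects the same line; run it as `perl -T demo.pl` and the eval itself is refused. The compile-time alternative hippo mentions is `use Module` or `BEGIN { require 'config.pl' }`, so that a bad config fails when the program starts rather than somewhere mid-run.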

Re^4: trouble with packages/eval/variable-scoping
by LanX (Saint) on Aug 30, 2024 at 12:39 UTC
    First of all, I can't see that it's a config file.

    Secondly, the same must apply to all modules etc.

    Thirdly, if the OP is generating code in his Tk app and keeps it safe, where is the problem?

    This would apply as meta programming, and I could come up with multiple use cases for this.

    Meta
    I really have a problem with dogmatic preaching just after a trigger point like eval is shown ...

    I'm pretty sure we wouldn't have seen this discussion if the OP was using require to load the code.

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    see Wikisyntax for the Monastery

      Thirdly, if the OP is generating code in his Tk app and keeps it safe, where is the problem?

      Then there would be no great problem. However, keeping it safe is not trivial and that's why we have all kinds of helpful protections to ward off such things.

      There is nothing at all to stop any Perl programmer (or TBH, any programmer of whatever flavour) from shooting themselves in the foot. If a programmer is happy with the potential consequences then they are perfectly free to be as laissez-faire as they wish. I just wouldn't want anyone to be going down that road without being aware of those potential consequences.

      YMMV.


      🦛

        > keeping it safe is not trivial

        If a program is saved in a user's directory and only accessible with his credentials, I wonder what kind of vector you see that is not already open for other apps?

        Cheers Rolf
        (addicted to the Perl Programming Language :)
        see Wikisyntax for the Monastery