https://www.effectiveperlprogramming.com/2011/03/know-the-different-evals/
On Tue, May 30, 2017 at 10:49 AM, Dirk-Willem van Gulik <di...@webweaving.org> wrote:

>
> On 30 May 2017, at 16:43, John Dunlap <j...@lariat.co> wrote:
>
> How is it a security hole?
>
> ….
>
> > my $ret = eval { $m->...() };
>
>
> Just imagine $m->…() returning something containing a valid perl
> expression such as " `rm -rf /‘; “, system(“rm -rf /“); or something that
> wires up a shell to a TCP socket.
>
> Dw.
>
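The two forms of `eval` named in the linked article's title, side by side, as an added example that is not part of the thread. `untrusted_result` is a hypothetical stand-in for `$m->...()`, and its payload is constructed to do nothing but set a flag.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for $m->...(): returns text that is also valid Perl.
# The constructed payload only sets a flag, so running it is harmless.
our $side_effect = 0;
sub untrusted_result { return '$main::side_effect = 1; "ran as code"' }

# Block eval: the block is compiled together with the rest of the program.
# It traps exceptions and returns the block's value as ordinary data.
sub with_block_eval {
    $side_effect = 0;
    my $ret = eval { untrusted_result() };
    return ($ret, $side_effect);
}

# String eval: the string is compiled and executed at run time, so any text
# that reaches it runs with the privileges of the program.
sub with_string_eval {
    $side_effect = 0;
    my $ret = eval(untrusted_result());
    return ($ret, $side_effect);
}

# What block eval is for: catching a die from the called code.
sub block_eval_traps_die {
    my $ok  = eval { die "backend failed\n"; 1 };
    my $err = $@;
    return ($ok ? 'ok' : 'trapped', $err);
}

my ($data, $flag_block)   = with_block_eval();
my ($value, $flag_string) = with_string_eval();
my ($state, $err)         = block_eval_traps_die();

print "block eval  : side_effect=$flag_block value=[$data]\n";
print "string eval : side_effect=$flag_string value=[$value]\n";
print "block eval on die: $state, \$\@ = $err";
```

When reviewing Perl code, the form to search for is `eval` followed by an expression or variable rather than a `{` block; Perl::Critic's `BuiltinFunctions::ProhibitStringyEval` policy flags it.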