> > * Use of eval presents a significant security risk: any command
> >   where a non-privileged user might gain control over any field's
> >   value makes eval as root (say, in an admin script) unsafe.
>
> To avoid this do: a) quote '$', '`' and a few other unsafe characters,
> b) instruct developers to disable globbing prior to evaluating this
> output. It should be possible to make dladm's output eval safe (and if
> not then let's find out why not).

Please, let's not. The eval approach seemed clever at the time, but in retrospect it was a mistake.

-- meem
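
An added illustration of the risk discussed in this thread (not code from the thread or from dladm): the same line of parseable output is read once with eval and once with a parser that never evaluates field values. The NAME="value" line format, the field names and the sample line are constructed assumptions, and values are assumed to contain no embedded double quote.

```shell
#!/bin/sh
# Constructed sample line; the CLASS value stands in for a field whose
# content a non-privileged user was able to influence.
SAMPLE='LINK="net0" CLASS="$(echo INJECTED)" MTU="1500"'

# Unsafe pattern: eval turns every field into a shell assignment, so the
# command substitution inside the CLASS value is executed by the caller.
eval_class() {
    ( eval "$1"; printf '%s\n' "$CLASS" )
}

# Safe pattern: walk the NAME="value" pairs with parameter expansion only.
# Field values are copied as data and are never re-parsed by the shell.
# Usage: get_field LINE NAME ; returns 1 if NAME is not present.
get_field() {
    line=$1
    want=$2
    while :; do
        line=${line#"${line%%[! ]*}"}   # trim leading spaces
        case $line in
            *=\"*\"*) ;;                # another NAME="value" pair remains
            *) return 1 ;;              # no more pairs: field not found
        esac
        name=${line%%=\"*}              # text before the first ="
        rest=${line#*=\"}               # text after the first ="
        value=${rest%%\"*}              # up to the closing quote
        if [ "$name" = "$want" ]; then
            printf '%s\n' "$value"
            return 0
        fi
        line=${rest#*\"}                # continue after the closing quote
    done
}

echo "eval:   $(eval_class "$SAMPLE")"
echo "parsed: $(get_field "$SAMPLE" CLASS)"
```

With eval the substitution runs and CLASS becomes its output; with get_field the value comes back as the literal text that was in the field.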
