On Wed, 13 Dec 2006, Martijn van Oosterhout wrote:
> On Wed, Dec 13, 2006 at 05:04:42PM -0500, Tom Lane wrote:
>> Bricklen Anderson <banderson@presinet.com> writes:
>>> Marc Evans wrote:
>>>> OK, I must be missing something obvious:
>>>> ERROR: creation of Perl function failed: 'eval "string"' trapped by
>>>> operation mask at line 2.
>>
>>> Try as plperlu
>>
>> This brings up the question of whether it'd be safe to allow eval in
>> plperl functions. I'm not sure why it's excluded now ... does it allow
>> access to untrusted operations?
>
> ISTM there being something about the Safe module in perl not being able
> to enable eval while staying "safe", so to speak.
>
> Looking at the safe module it looks like you can exclude certain
> functions from restrictions. The manpage has an example, so a simple
> try/catch mechanism could be created if enabling "eval" directly isn't
> ok.
I believe that the BLOCK variation of eval could be considered safe, e.g.
eval { ... } but the EXPR version of eval probably should not be
considered safe, e.g. eval "...".
- Marc