Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.syntblaze.com/llms.txt

Use this file to discover all available pages before exploring further.

The eval command is a POSIX-compliant shell builtin that evaluates arguments as a shell command. It concatenates its arguments into a single string, feeds that string back into the shell’s parsing engine, and executes the resulting command within the current shell execution environment.

Syntax

eval [arg ...]

Execution Mechanics: The Two-Pass Parsing Model

The defining characteristic of eval is that it forces the shell to process the command line twice. Understanding eval requires understanding this two-pass evaluation lifecycle:
  1. Pass 1 (Standard Shell Expansion): The shell parses the initial statement. It performs standard tokenization, variable expansion, command substitution, and quote removal on the arguments before passing them to the eval builtin.
  2. Pass 2 (eval Execution): eval takes the resulting arguments, joins them with spaces to form a new command string, and invokes the shell parser a second time. The shell performs a full parsing lifecycle (including a second round of expansions) on this new string and executes it.

Mechanism Demonstration

The following code illustrates the two-pass parsing behavior using variable indirection: 
POINTER="TARGET"
TARGET="Execution Successful"


# The backslash escapes the first dollar sign during Pass 1.
eval echo \$$POINTER
Evaluation Breakdown:
  • Pass 1: The shell sees eval echo \$$POINTER. It removes the escape character \ leaving a literal $. It expands $POINTER to TARGET. The arguments passed to eval are echo and $TARGET.
  • Pass 2: eval constructs the string echo $TARGET. The shell parses this new string, expands $TARGET to Execution Successful, and executes the echo command.

Environment Context

Unlike executing a command via a subshell (e.g., $(command) or (command)), eval operates entirely within the current shell environment. Any state changes—such as variable assignments, directory changes (cd), or function definitions—instantiated during the eval execution persist in the parent shell after eval terminates.

Exit Status

The return value ($?) of the eval command is strictly the exit status of the command it ultimately executes during the second pass.
  • If the executed command succeeds, eval returns 0.
  • If the executed command fails, eval returns the specific non-zero error code of that command.
  • If eval is called with no arguments, or if the arguments evaluate to a null command (an empty string), it returns 0.

Security Implications

Because eval invokes the shell parser on dynamically constructed strings, it is inherently vulnerable to Arbitrary Code Execution (ACE) and command injection. If any part of the string passed to eval originates from untrusted input, standard quoting mechanisms are insufficient. During the second parsing pass, shell metacharacters (such as ;, |, &, or $()) embedded in the evaluated string will be interpreted as control operators, allowing the execution of unintended commands.
Master Bash with Deep Grasping Methodology!Learn More