in reply to Best practice for user-input in eval
It's a hard problem to get right. As well as the Safe module the other comment refers to, you may want to look into OS-level permissions.
Assuming Linux, you may be interested in:
- chroot;
- running as a sandbox user-id which owns no files (and is a member of no other groups). (Clear out that user's home dir before each run);
- ulimit and friends to control resource usage
Lastly, you said you need to allow users: "to input a perl expression or program and have it run over string."
That's a really unusual requirement. Is there any chance you could tell us why you need to do that? It's possible someone could think of an alternative approach which isn't as risky.
In Section
Seekers of Perl Wisdom