An important discovery is that the subroutine hpprime.eval ('<PPL command>') is a way to get at PPL commands that don't have python equivalents. In particular, it allows easy access to menu-oriented ...

Apport blindly uses the python eval () function on an unsanitized field (CrashDB) inside the .crash file. This leads directly to arbitrary python code execution.