comment on

And I never understood the predilection *nix people have for "avoiding the shell". It seems to me that all of the justifictions I've read ... could equally be done to the program you ask the shell to run on your behalf.

The major issue I see with it is interpolating user input into the shell command. If one uses fixed strings, or one makes sure that any variables interpolated into the command are always sanitized, then I have no problem with using the shell. The problem arises when people aren't aware of the potential security issues, do the escaping wrong, or when scripts start out with "safe" use of the shell but are later modified to accept different user input and the maintainer forgets to properly sanitize the inputs accordingly. Hence my usual advice to just avoid the shell in the first place, and only use it if one knows what one is doing.

In reply to Re^5: system call windows by haukex
in thread system call windows by Anonymous Monk

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.