Has security issues from loading shell

Could you explain, or provide a pointer to discussion of the security issues?

Due care must be spent on sanitizing and escaping the arguments if they are not hard coded.

$file_name = 'file name';
system("program $file_name &");  # Oops!
[download]

Without due care, the code may not work, or worse, it could be vulnerable to injection attacks.

If you do that as

system qq[program "$filename" &];
[download]

It won't matter if the filename contains spaces or not. That's a simple programming problem and hardly worthy of description as "security issue".

As for "injection attacks", I assume that you mean if the source of all or part of the command supplied to the system command is an untrusted external source, then care must be taken. I fail too see how the start command is any more or less of a security risk to invoking an untrusted command directly?

If you get data from untrusted sources, don't you have to be just as careful invoking that data as a command directly as you do invoking it indirectly via a command shell?

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.