in reply to Re: Use of system() considered harmful
in thread Use of system() considered harmful

It's dangerous because shell interpretation can change the behavior of your program in surprising ways. Command line programs work with positional parameters, and when you subject your command text to shell interpretation you have to be very careful in the way you write the command to preserve those positional parameters.

For instance, this looks like it will invoke cmd with three arguments:

system("/bin/sh", "-c", "cmd $one $two $three");

Of course, what really will happen depends on what the strings $one, $two and $three contain.

That's why I like to avoid invoking a shell either explicitly or implicitly when calling external programs.

Re^3: Use of system() considered harmful
by BrowserUk (Patriarch) on Jun 07, 2008 at 20:17 UTC
    That's why I like to avoid invoking a shell either explicitly or implicitly when calling external programs.

    Isn't that exactly why system has the list argument form?

    Sounds to me like you are asking for perl to restrict everyone's access to useful behaviour in order to save you from yourself.

    Of course, what really will happen depends on what the strings $one, $two and $three contain.

    No shit Sherlock :) And the result of print $a + $b + $c; will depend upon what's in $a, $b & $c.

    I once wrote that I considered ...considered harmful., harmful. And nothing I've seen in the intervening 6 years has done anything to change my mind. Most times when someone writes "XXX considered harmful", they are really saying "I just got bitten by XXX" and so I think that Perl/government/other should do something to save me from myself. And this is no exception.


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
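
The difference between the shell-string call and the list form of system discussed in this thread, as an added example that is not part of either post. The sample values and the temporary argument-reporting script standing in for "cmd" are constructed for illustration, and the third call goes slightly beyond the thread to show how to keep positional parameters intact when a shell is still required.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

$| = 1;    # flush our labels before each child process prints

# Constructed sample values: one contains a space, one is empty.
my ($one, $two, $three) = ('annual report.txt', '', 'out.txt');

# Hypothetical stand-in for "cmd": a script that reports the arguments it got.
my ($fh, $cmd) = tempfile(SUFFIX => '.pl', UNLINK => 1);
print {$fh} 'print scalar(@ARGV), " arg(s): ", join(" ", map("[$_]", @ARGV)), "\n";';
close $fh or die "close: $!";

my $perl = $^X;    # path of the running perl, used to run the stand-in

# 1. Shell form from the post: /bin/sh re-parses the interpolated values.
#    The space splits $one in two and the empty $two vanishes, so the
#    child still sees three arguments, but not the three we meant.
print 'shell string: ';
system('/bin/sh', '-c', "$perl $cmd $one $two $three");

# 2. List form: no shell; each Perl scalar becomes exactly one argv entry.
print 'list form:    ';
system($perl, $cmd, $one, $two, $three);

# 3. Shell still needed: keep the values out of the command text and pass
#    them as positional parameters, expanded inside the shell with "$@".
print 'sh with "$@": ';
system('/bin/sh', '-c', 'exec "$@"', 'sh', $perl, $cmd, $one, $two, $three);
```

The first call reports `[annual] [report.txt] [out.txt]`, while the second and third report `[annual report.txt] [] [out.txt]`.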