Re^9: Question using system.

I guess the assumption here is that the script is executing with higher privs than the user supplying the arguments?

Not necessarily. Imagine this simple backup script.

my @to_backup = File::Find::Rule->file()
                                ->...
                                ->in('.')

for my $file_qn (@to_backup) {
   open(my $backup, "backup $file_qn |")
      or die;

   ...
}
[download]

By running the above, you'd be running commands outside of the script's control, even if there's no intent (malevolent or otherwise) to do so. Fix:

my @to_backup = File::Find::Rule->file()
                                ->...
                                ->in('.')

for my $file_qn (@to_backup) {
   open(my $backup, '-|', 'backup', $file_qn)
      or die;

   ...
}
[download]

Comment on Re^9: Question using system. Select or Download Code