> system(3) is more convenient than fork(2)/execlp(3) (get over it and write the extra 5-10 lines of code).
It's not just fork + execlp. It's also wait, SIGINT, SIGQUIT, SIGCHLD blocking / ignoring (then restoring), waiting for the exit status, etc. Most programmers get all those details wrong 90% of the time.
Also notice that your execlp() may end up calling the shell, too, if execve fails with ENOEXEC (different from plain execl()).
A better idea would be to standardize a function which takes a list of arguments (like execve), and does everything system(3) does <b>except</b> ever calling a shell. Just like the "system" from perl when called with multiple arguments.
> You have some convoluted command line and don't want to do it all by hand (write a very short shell script instead).
That's just kicking the can down the alley. Your "very short" shell script will most certainly be exploitable via its arguments. Nobody knows how to write "secure" shell scripts when their arguments are controlled by a hostile third party.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。