http://qs321.pair.com?node_id=690757

Apologies for the somewhat inflammatory title, but I've given the issue a fair amount of thought, and I've come to the following conclusion: perl should do more to discourage the use of system() with a single, non-constant argument.

At the very least it should emit a warning, and ideally it should refuse to compile since this can be detected at compile time. The way it works now gives people too many ways to shoot themselves in the foot from both a correctness perspective as well as a security perspective.


Update: merlyn has provided an answer to the following issue in his reply.

In fact, the system() routine has a flaw: there is no way to invoke a command with no arguments without having it scanned for shell metacharacters and spaces. That is, in the following example:

    my $binary = "/bin/foo bar";
    system($binary);

system will always try to execute /bin/foo with argument bar. But what if my executable is /bin/foo bar?


Another partial remedy would be having certain modules (like CGI) disable the use of a single-argument call to system. Users would be forced to call CORE::system() or something.

Of course, that raises the question of what to replace something like system("foo $arg | grep whatever") with. It'll take a little work, but I'm sure we can come up with a convenient API for duplicating what a shell does when setting up a pipeline of commands and redirecting IO. And one can always invoke the shell directly with system("/bin/sh", "-c", ...) if you like to live dangerously.

Ok, I'll get off my soapbox now.
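
Added example, not part of the original post: the shell-free call forms the post is concerned with, in Perl, covering the list form, a no-argument program whose path contains a space, and a replacement for the `foo $arg | grep whatever` pipeline. The temp-dir `foo bar` script, the sample `$arg` and the helper `run_and_grep` are constructed for illustration; the block form of system is the one documented in perlfunc.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sample input: an "argument" containing shell metacharacters.
my $arg = 'report.txt; echo INJECTED';

# List form: no shell is involved, so $arg reaches echo as one literal
# argv entry instead of being split at the ';'.
system('echo', $arg) == 0 or die "echo failed: $?";

# A program whose path contains a space, called with no arguments.
# Constructed for the demo as "<tmpdir>/foo bar".
my $dir    = tempdir(CLEANUP => 1);
my $binary = "$dir/foo bar";
open(my $fh, '>', $binary) or die "create: $!";
print {$fh} "#!/bin/sh\necho \"ran: \$0\"\n";
close($fh) or die "close: $!";
chmod 0755, $binary or die "chmod: $!";

# Indirect-object form: the block names the program and the list is argv.
# The shell is never consulted, even though the list has one element.
system { $binary } $binary;
die "foo bar failed: $?" if $? != 0;

# Shell-free stand-in for system("foo $arg | grep whatever"):
# list-form pipe open for the producer, filtering in Perl instead of grep.
# @cmd must hold the program plus at least one argument; a lone string
# would be handed to the shell again.
sub run_and_grep {
    my ($pattern, @cmd) = @_;
    die "need a program and at least one argument" if @cmd < 2;
    open(my $out, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    my @hits = grep { /$pattern/ } <$out>;
    close($out) or die "$cmd[0] exited with status $?";
    return @hits;
}

print "match: $_"
    for run_and_grep(qr/INJECTED/, 'printf', '%s\n', 'clean line', $arg);
```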