Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Use of system() considered harmful

by pc88mxer (Vicar)
on Jun 07, 2008 at 15:41 UTC ( [id://690840]=note: print w/replies, xml ) Need Help??


in reply to Use of system() considered harmful

merlyn, thanks for pointing out how to force list interpretation for system.

I think my /bin/foo bar example was a red herring. A better example of what I would like to see perl discourage is the the following use of system to execute a single command: 

  system("cmd $with $some $args")

[download]
Because the argument is subject to shell interpretation, this code exposes itself to just too many pitfalls. If we saw this in someone else's code we'd clearly point out that it's unsafe.

If you really want to subject your string to shell interpretation, why not just explicitly call the shell?

It's good that perl provides a way to force list context with system. However, I'll argue that it isn't getting used when it needs to. Users are introduced to this: 

system("/bin/ls");   # run /bin/ls with no arguments

[download]
and they generalize to: 
system($cmd);        # run the $cmd command with no arguments

[download]
not: 
system {$cmd}, $cmd;

[download]
Even when we tell them to use the list version of system to safely preserve passed arguments, they can be in for a surprise. They see this: 
system($cmd, $with, $some, $args);

[download]
and generalize to: 
system($cmd, @args);

[download]
and then wonder why it doesn't work as expected when @args is the empty list.

Replies are listed 'Best First'.
Re^2: Use of system() considered harmful
by Anonymous Monk on Jun 11, 2008 at 16:29 UTC
    system {$cmd}, $cmd;

    What do the curlies do there? I don't see anything like that syntax in the manpage for system.

[reply]

      This is the "system PROGRAM LIST" syntax. It's documented more fully under exec. There are some cross-references in the system page, but I can see how you could easily miss them if you weren't looking out for something like that. Maybe the documentation could usefully be expanded to add an example of this syntax.

      (pc88mxer's version actually contains a syntax error, BTW. There shouldn't be a comma after the curlies -- it's an indirect argument, like the filehandle in print.)

[reply]
[d/l]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://690840]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others pondering the Monastery: (4)
As of 2024-04-25 22:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found