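#!/usr/bin/perl
use strict;
use warnings;
use English '-no_match_vars';

my $content = mysystem( "/bin/ls", "-l" );
print $content;

# mysystem(@command)
#
# Backtick-style helper: forks a child, drops any set-id privileges in
# the child, execs @command there and returns everything the command
# wrote to STDOUT as one string ('' if it wrote nothing).
#
# @command must be a list (program, arg1, arg2, ...). It is never handed
# to a shell, so metacharacters in the arguments are passed literally.
#
# Dies in the parent if no command is given or the fork fails. After the
# call, $? holds the child's exit status (set by close on the pipe).
#
# NOTE: the child reports failures with die. If a caller wraps mysystem()
# in eval, that die is caught in the child too and the child would carry
# on running the caller's code, so avoid calling this inside eval.
sub mysystem {
    my @args = @_;
    die "mysystem: no command given" unless @args;

    my $content = '';
    my $kid;

    # Two-argument open with "-|" forks; the child's STDOUT becomes the
    # read end the parent sees as $kid.
    my $pid = open( $kid, '-|' );
    die "Can't fork: $!" unless defined $pid;

    if ($pid) {    # parent
        while ( my $line = <$kid> ) {
            $content .= $line;
        }

        # close on a pipe waits for the child. A false return with $! set
        # is an I/O error; with $! == 0 the child merely exited non-zero,
        # which is left for the caller to inspect through $?.
        if ( !close $kid ) {
            warn "mysystem: error closing pipe: $!" if $!;
        }
        return $content;
    }

    # child
    my @temp     = ( $EUID, $EGID );    # the (possibly elevated) effective ids
    my $orig_uid = $UID;
    my $orig_gid = $GID;

    # Drop privileges: effective ids become the real ids, then the real
    # ids are assigned again so the drop is meant to be permanent.
    $EUID = $UID;
    $EGID = $GID;
    $UID  = $orig_uid;
    $GID  = $orig_gid;

    # Make sure privs are really gone: try to take the old effective ids
    # back. If the drop worked this has no effect and real == effective.
    ( $EUID, $EGID ) = @temp;

    # $GID and $EGID are space-separated group lists, hence the string
    # comparison.
    die "Can't drop privileges"
        unless $UID == $EUID && $GID eq $EGID;

    $ENV{PATH} = "/bin:/usr/bin";    # Minimal PATH.

    # Remove variables that can change how a shell or shell-script child
    # behaves. Consider sanitizing the environment even more.
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

    # Indirect-object form: exec never falls back to /bin/sh, even when
    # @args has a single element.
    exec { $args[0] } @args or die "can't exec: $!";
}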