http://www.perlmonks.org?node_id=1219232


in reply to setuid system() calls on Solaris 11

system() only invokes the shell if it has a single arg containing metachars (so it's relying on the shell to parse the command line). If you do that processing yourself, perl will execute the command directly. For example, change this first line to the second line:
system "foo -x 'a b' -y bar"; system "foo", "-x", "a b", "-y", "bar";

Dave.