in reply to setuid system() calls on Solaris 11

system() only invokes the shell if it has a single arg containing metachars (so it's relying on the shell to parse the command line). If you do that processing yourself, perl will execute the command directly. For example, change this first line to the second line:
system "foo -x 'a b' -y bar"; system "foo", "-x", "a b", "-y", "bar";


Replies are listed 'Best First'.
Re^2: setuid system() calls on Solaris 11
by afoken (Canon) on Jul 25, 2018 at 16:27 UTC

    See also The problem of "the" default shell for the interactions of system and its friends with the default shell.


    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)