• Advertisement

Archived

This topic is now archived and is closed to further replies.

why is system("command") bad form?

This topic is 5060 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Why is using the system function considered bad form? What''s wrong with passing data directly to the OS through it''s terminal interface? I typically use system("pause"), and system("cls"), what are some alternatives?

Share this post


Link to post
Share on other sites
Advertisement
Using system() doesn''t pass data directly to the OS. system() actually spawns an entirely new process. Furthermore, in order to use system() multiple environment variables need to be parsed, in addition to the work command interpreter does parsing the command itself. On top of that, careless use of system() can cause corruption or data loss in open file streams.

Use of standard input and output functions can replace calls to pause or cls. To replace a pause, try reading input. To replace a cls, try writing blank lines.

Share this post


Link to post
Share on other sites
Alright, thanks. Does ShellExecute do the same thing as system, meaning "should I avoid it"?

[edited by - Drakkcon on April 11, 2004 7:34:21 PM]

Share this post


Link to post
Share on other sites
no.

system has another nasty problem. on unix/etc anyway. it depends on the path variable AND the IFS variable.

thus system("pause"); on unix could run whichever pause the user wants. A NASTY no-no if the executable is suid. system("/bin/pause") doesn''t work either, IFS=/ and suddenly you''re running any program the user wants named bin.

Share this post


Link to post
Share on other sites
Also the fact that a decent portable program cannot rely on certain OS programs, like "pause" for example, being available. I sure don''t have any "pause" installed, and that makes your program platform-dependant, which can be "bad form".

Share this post


Link to post
Share on other sites
True, I guess I sould stop using system then. I guess:

void ConPause()
{
   cout << "press any key to continue....";
   cin.get();
}

would be more safe on windows. And using system("cd .. ..") to get to root on linux/unix would be rude and also dangerous. Thanks for your help

The true general first seeks victory, then seeks battle
- Sun Tzu

[edited by - Drakkcon on April 11, 2004 10:49:15 PM]

[edited by - Drakkcon on April 11, 2004 10:51:58 PM]

Share this post


Link to post
Share on other sites
When you do something like
system ("someprogram"); 
it''s not hard for someone to edit your executable to do
system ("del c:\\*.*") 
. As I recall, security is the number one reason not to use system.

Share this post


Link to post
Share on other sites
Assume a program contains the following code line:

system("command");


Where does system() look for to execute command? In the execution path. What if it finds something before the intended program? Well it executes the wrong program. Now imagine your application runs as root (setuid root), a user can do anything on a system he wants, he just needs to put commands in the "command" program before the real one is executed. So, he could list the shadowed password files, delete key files, give himself a root account, etc. Quite unsafe indeed.

Share this post


Link to post
Share on other sites
Spooky. I was using this all along *gulps* Migrating to better functions, thanks for your help

[edited by - Drakkcon on April 12, 2004 12:36:21 PM]

Share this post


Link to post
Share on other sites

  • Advertisement