why is system("command") bad form?

7 comments, last by Drakkcon 20 years ago
Why is using the system function considered bad form? What's wrong with passing data directly to the OS through its terminal interface? I typically use system("pause"), and system("cls"), what are some alternatives?
Using system() doesn't pass data directly to the OS. system() actually spawns an entirely new process. Furthermore, in order to use system(), multiple environment variables need to be parsed, in addition to the work the command interpreter does parsing the command itself. On top of that, careless use of system() can cause corruption or data loss in open file streams.

Use of standard input and output functions can replace calls to pause or cls. To replace a pause, try reading input. To replace a cls, try writing blank lines.
Alright, thanks. Does ShellExecute do the same thing as system, meaning "should I avoid it"?

[edited by - Drakkcon on April 11, 2004 7:34:21 PM]
no.

system has another nasty problem. on unix/etc anyway. it depends on the path variable AND the IFS variable.

thus system("pause"); on unix could run whichever pause the user wants. A NASTY no-no if the executable is suid. system("/bin/pause") doesn't work either, IFS=/ and suddenly you're running any program the user wants named bin.
Also the fact that a decent portable program cannot rely on certain OS programs, like "pause" for example, being available. I sure don't have any "pause" installed, and that makes your program platform-dependent, which can be "bad form".
My stuff. Shameless promotion: FreePop: The GPL god-sim.
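True, I guess I should stop using system then. I guess:

#include <iostream>

// Replaces system("pause"): prompts, then blocks until input arrives on stdin.
void ConPause()
{
   std::cout << "press any key to continue....";
   std::cin.get();
}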

would be more safe on windows. And using system("cd .. ..") to get to root on linux/unix would be rude and also dangerous. Thanks for your help

The true general first seeks victory, then seeks battle
- Sun Tzu

[edited by - Drakkcon on April 11, 2004 10:49:15 PM]

[edited by - Drakkcon on April 11, 2004 10:51:58 PM]
When you do something like
system ("someprogram");
it's not hard for someone to edit your executable to do
system ("del c:\\*.*");
As I recall, security is the number one reason not to use system.
Assume a program contains the following code line:
system("command"); 


Where does system() look to execute command? In the execution path. What if it finds something before the intended program? Well, it executes the wrong program. Now imagine your application runs as root (setuid root): a user can do anything on a system he wants, he just needs to put commands in the "command" program before the real one is executed. So, he could list the shadowed password files, delete key files, give himself a root account, etc. Quite unsafe indeed.
Spooky. I was using this all along *gulps* Migrating to better functions, thanks for your help

[edited by - Drakkcon on April 12, 2004 12:36:21 PM]
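
The PATH and IFS dependence described in the replies above disappears when the program is started without a shell: an absolute path and a fixed environment passed to execve() leave nothing for the caller's variables to influence. The following is an added example, not code from any poster in this thread; run_fixed and CLEAN_ENV are hypothetical names, and /bin/sh is assumed to exist and is used only to report what the child sees.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child; the caller's PATH and IFS are never inherited. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/*
 * run_fixed: hypothetical helper (not from the thread).
 * Runs the program at an absolute path with the given argv and CLEAN_ENV.
 * No shell is involved, so nothing searches PATH or splits words on IFS.
 * Returns the child's exit status, or -1 on error or abnormal termination.
 */
int run_fixed(const char *path, char *const argv[])
{
    if (path == NULL || path[0] != '/') {   /* refuse anything needing a PATH lookup */
        errno = EINVAL;
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, CLEAN_ENV);      /* exact file, exact environment */
        _exit(127);                         /* only reached if execve failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed hostile settings, matching the scenario in the replies above. */
    setenv("PATH", "/tmp/attacker", 1);
    setenv("IFS", "/", 1);
    /* /bin/sh is used here only to report which PATH the child received. */
    char *const args[] = { "sh", "-c", "test \"$PATH\" = /usr/bin:/bin", NULL };
    printf("child saw the fixed PATH: %s\n", run_fixed("/bin/sh", args) == 0 ? "yes" : "no");
    return 0;
}
```

A setuid program would additionally need to handle its privileges before starting a child; that is outside what this example shows.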
