Why Should the System() Function Be Avoided in C and C++

Why should the system() function be avoided in C and C++?

There are multiple problems here:

  • First of all, system() as a function is cross-platform and available not just on Windows or Linux. However, the actual programs being called might be platform dependent. For example, you can use system() to create a directory: system("md Temp"). This will only work on Windows, as Linux doesn't know a command called md. For Linux it would have to be system("mkdir Temp"). This goes on, so you'd need a custom solution for each and every platform.
  • This will always spawn a child process that then executes something. In general this is slower than inlined code: the command or program has to be loaded, has to load its own dependencies, and only then is executed, which is usually a lot more work.

If you're just doing some quick testing on one platform, using system() is perfectly fine, but you shouldn't use it in production environments, unless you really have to. For example, you could allow the user to set an external program that is then executed. For something like this system() is perfectly fine.

Does the system() function belong to C or C++?

Both C and C++ support system(), because both provide stdlib.h, which contains the prototype of the system() function.

Is system() call in C program safe?

system() is vulnerable because the command it runs can be replaced. To avoid this, use fork() together with one of the exec library functions: execl, execv, execle, execve, execlp, execvp.
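As an added example (not code from the original answers): a minimal fork()/execve() wrapper that runs a program without going through /bin/sh, so an externally supplied value is passed as one literal argv element. The helper names run_argv, make_dir and is_dir, the /bin/mkdir path and the sample directory name are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] directly: no /bin/sh, no PATH search, fixed environment.
 * Returns the child's exit status, 127 if the exec failed, -1 on error. */
int run_argv(char *const argv[])
{
    static char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                       /* child */
        execve(argv[0], argv, envp);
        _exit(127);                       /* only reached if execve failed */
    }
    while (waitpid(pid, &status, 0) < 0)  /* parent: reap the child */
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Create a directory whose name comes from outside the program.
 * The name is one argv element, so ';', spaces, '$' or '{..}' in it are
 * never interpreted; "--" stops it from being read as an option. */
int make_dir(const char *name)
{
    char *const argv[] = { "/bin/mkdir", "--", (char *)name, NULL };
    return run_argv(argv);
}

/* Returns 1 if path is an existing directory, else 0. */
int is_dir(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

int main(void)
{
    const char *name = "Temp;name with spaces";  /* constructed sample input */
    int rc = make_dir(name);
    printf("mkdir exit status %d, directory present: %d\n", rc, is_dir(name));
    return rc;
}
```

For directory creation alone, calling mkdir(2) directly is the library route; the external program here stands in for any program that has to be run as a child process.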

Why doesn't the system() function work?

Probably because system() starts a new instance of cmd.exe, which runs your command and then exits. Thus, it doesn't hold state between invocations, unlike when you run a single instance and give it multiple commands interactively.

One way of working around this is hinted at by cmd.exe's help text:

Note that multiple commands separated by the command separator '&&'
are accepted for string if surrounded by quotes.

So, you should be able to run a command like "d: && chdir" to do both operations in a single invocation of cmd.exe.

Is it bad practice to use the system() function when library functions could be used instead? Why?

Unless you are writing code for only one OS, there is no way of knowing if your system call will even work. What happens when there is a system update or an OS upgrade?

Never use a system call if there is a library to do the same function.

How system function in C works

This is the basic pattern for fork():

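#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{
    pid_t cpid;

    /* previous code */
    if ((cpid = fork()) < 0) {          /* fork failed: no child exists */
        perror("fork");
        exit(1);
    }

    if (cpid == 0) {                    /* SON (child process) */
        /* argv[0] and the NULL terminator are required by execl() */
        execl("./infinite", "infinite", (char *)NULL);
        perror("execl");                /* reached only if execl() failed */
        _exit(127);
    } else {                            /* FATHER (parent process) */
        printf("In controller End\n\n");
    }
    return 0;
}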

Don't forget that when you fork, memory and variables are copied to the SON process.

System function is not working in C when the command contains ..

system() does not run your normal shell. Instead, it always runs /bin/sh. From system(3):

DESCRIPTION


The system() library function uses fork(2) to create a child process
that executes the shell command specified in command using execl(3)
as follows:

          execl("/bin/sh", "sh", "-c", command, (char *) NULL);

system() returns after the command has been completed.

Usually /bin/sh is a shell that does not understand {1000..60000}. To run bash or zsh you need to do something like

system("/bin/bash -c 'getent passwd {1000..60000}'");

