381 lines
8.7 KiB
HTML
381 lines
8.7 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of SYSTEM</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>SYSTEM</H1>
|
|
Section: Linux Programmer's Manual (3)<BR>Updated: 2019-03-06<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
system - execute a shell command
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<PRE>
|
|
<B>#include <<A HREF="file:///usr/include/stdlib.h">stdlib.h</A>></B>
|
|
|
|
<B>int system(const char *</B><I>command</I><B>);</B>
|
|
</PRE>
|
|
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
The
|
|
<B>system</B>()
|
|
|
|
library function uses
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fork">fork</A></B>(2)
|
|
|
|
to create a child process that executes the shell command specified in
|
|
<I>command</I>
|
|
|
|
using
|
|
<B><A HREF="/cgi-bin/man/man2html?3+execl">execl</A></B>(3)
|
|
|
|
as follows:
|
|
<P>
|
|
|
|
|
|
|
|
execl("/bin/sh", "sh", "-c", command, (char *) NULL);
|
|
|
|
|
|
<P>
|
|
|
|
<B>system</B>()
|
|
|
|
returns after the command has been completed.
|
|
<P>
|
|
|
|
During execution of the command,
|
|
<B>SIGCHLD</B>
|
|
|
|
will be blocked, and
|
|
<B>SIGINT</B>
|
|
|
|
and
|
|
<B>SIGQUIT</B>
|
|
|
|
will be ignored, in the process that calls
|
|
<B>system</B>().
|
|
|
|
(These signals will be handled according to their defaults inside
|
|
the child process that executes
|
|
<I>command</I>.)
|
|
|
|
<P>
|
|
|
|
If
|
|
<I>command</I>
|
|
|
|
is NULL, then
|
|
<B>system</B>()
|
|
|
|
returns a status indicating whether a shell is available on the system.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>RETURN VALUE</H2>
|
|
|
|
The return value of
|
|
<B>system</B>()
|
|
|
|
is one of the following:
|
|
<DL COMPACT>
|
|
<DT id="1">*<DD>
|
|
If
|
|
<I>command</I>
|
|
|
|
is NULL, then a nonzero value if a shell is available,
|
|
or 0 if no shell is available.
|
|
<DT id="2">*<DD>
|
|
If a child process could not be created,
|
|
or its status could not be retrieved,
|
|
the return value is -1 and
|
|
<I>errno</I>
|
|
|
|
is set to indicate the error.
|
|
<DT id="3">*<DD>
|
|
If a shell could not be executed in the child process,
|
|
then the return value is as though the child shell terminated by calling
|
|
<B><A HREF="/cgi-bin/man/man2html?2+_exit">_exit</A></B>(2)
|
|
|
|
with the status 127.
|
|
<DT id="4">*<DD>
|
|
If all system calls succeed,
|
|
then the return value is the termination status of the child shell
|
|
used to execute
|
|
<I>command</I>.
|
|
|
|
(The termination status of a shell is the termination status of
|
|
the last command it executes.)
|
|
</DL>
|
|
<P>
|
|
|
|
In the last two cases,
|
|
the return value is a "wait status" that can be examined using
|
|
the macros described in
|
|
<B><A HREF="/cgi-bin/man/man2html?2+waitpid">waitpid</A></B>(2).
|
|
|
|
(i.e.,
|
|
<B>WIFEXITED</B>(),
|
|
|
|
<B>WEXITSTATUS</B>(),
|
|
|
|
and so on).
|
|
<P>
|
|
|
|
<B>system</B>()
|
|
|
|
does not affect the wait status of any other children.
|
|
<A NAME="lbAF"> </A>
|
|
<H2>ERRORS</H2>
|
|
|
|
<B>system</B>()
|
|
|
|
can fail with any of the same errors as
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fork">fork</A></B>(2).
|
|
|
|
<A NAME="lbAG"> </A>
|
|
<H2>ATTRIBUTES</H2>
|
|
|
|
For an explanation of the terms used in this section, see
|
|
<B><A HREF="/cgi-bin/man/man2html?7+attributes">attributes</A></B>(7).
|
|
|
|
<TABLE BORDER>
|
|
<TR VALIGN=top><TD><B>Interface</B></TD><TD><B>Attribute</B></TD><TD><B>Value</B><BR></TD></TR>
|
|
<TR VALIGN=top><TD>
|
|
<B>system</B>()
|
|
|
|
</TD><TD>Thread safety</TD><TD>MT-Safe<BR></TD></TR>
|
|
</TABLE>
|
|
|
|
<A NAME="lbAH"> </A>
|
|
<H2>CONFORMING TO</H2>
|
|
|
|
POSIX.1-2001, POSIX.1-2008, C89, C99.
|
|
<A NAME="lbAI"> </A>
|
|
<H2>NOTES</H2>
|
|
|
|
<B>system</B>()
|
|
|
|
provides simplicity and convenience:
|
|
it handles all of the details of calling
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fork">fork</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+execl">execl</A></B>(3),
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?2+waitpid">waitpid</A></B>(2),
|
|
|
|
as well as the necessary manipulations of signals;
|
|
in addition,
|
|
the shell performs the usual substitutions and I/O redirections for
|
|
<I>command</I>.
|
|
|
|
The main cost of
|
|
<B>system</B>()
|
|
|
|
is inefficiency:
|
|
additional system calls are required to create the process that
|
|
runs the shell and to execute the shell.
|
|
<P>
|
|
|
|
If the
|
|
<B>_XOPEN_SOURCE</B>
|
|
|
|
feature test macro is defined
|
|
(before including
|
|
<I>any</I>
|
|
|
|
header files),
|
|
then the macros described in
|
|
<B><A HREF="/cgi-bin/man/man2html?2+waitpid">waitpid</A></B>(2)
|
|
|
|
(<B>WEXITSTATUS</B>(),
|
|
|
|
etc.) are made available when including
|
|
<I><<A HREF="file:///usr/include/stdlib.h">stdlib.h</A>></I>.
|
|
|
|
<P>
|
|
|
|
As mentioned,
|
|
<B>system</B>()
|
|
|
|
ignores
|
|
<B>SIGINT</B>
|
|
|
|
and
|
|
<B>SIGQUIT</B>.
|
|
|
|
This may make programs that call it
|
|
from a loop uninterruptible, unless they take care themselves
|
|
to check the exit status of the child.
|
|
For example:
|
|
<P>
|
|
|
|
|
|
|
|
while (something) {
|
|
<BR> int ret = system("foo");
|
|
<P>
|
|
<BR> if (WIFSIGNALED(ret) &&
|
|
<BR> (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT))
|
|
<BR> break;
|
|
}
|
|
|
|
|
|
<P>
|
|
|
|
According to POSIX.1, it is unspecified whether handlers registered using
|
|
<B><A HREF="/cgi-bin/man/man2html?3+pthread_atfork">pthread_atfork</A></B>(3)
|
|
|
|
are called during the execution of
|
|
<B>system</B>().
|
|
|
|
In the glibc implementation, such handlers are not called.
|
|
<P>
|
|
|
|
In versions of glibc before 2.1.3, the check for the availability of
|
|
<I>/bin/sh</I>
|
|
|
|
was not actually performed if
|
|
<I>command</I>
|
|
|
|
was NULL; instead it was always assumed to be available, and
|
|
<B>system</B>()
|
|
|
|
always returned 1 in this case.
|
|
Since glibc 2.1.3, this check is performed because, even though
|
|
POSIX.1-2001 requires a conforming implementation to provide
|
|
a shell, that shell may not be available or executable if
|
|
the calling program has previously called
|
|
<B><A HREF="/cgi-bin/man/man2html?2+chroot">chroot</A></B>(2)
|
|
|
|
(which is not specified by POSIX.1-2001).
|
|
<P>
|
|
|
|
It is possible for the shell command to terminate with a status of 127,
|
|
which yields a
|
|
<B>system</B>()
|
|
|
|
return value that is indistinguishable from the case
|
|
where a shell could not be executed in the child process.
|
|
|
|
<A NAME="lbAJ"> </A>
|
|
<H3>Caveats</H3>
|
|
|
|
<P>
|
|
|
|
Do not use
|
|
<B>system</B>()
|
|
|
|
from a privileged program
|
|
(a set-user-ID or set-group-ID program, or a program with capabilities)
|
|
because strange values for some environment variables
|
|
might be used to subvert system integrity.
|
|
For example,
|
|
<B>PATH</B>
|
|
|
|
could be manipulated so that an arbitrary program
|
|
is executed with privilege.
|
|
Use the
|
|
<B><A HREF="/cgi-bin/man/man2html?3+exec">exec</A></B>(3)
|
|
|
|
family of functions instead, but not
|
|
<B><A HREF="/cgi-bin/man/man2html?3+execlp">execlp</A></B>(3)
|
|
|
|
or
|
|
<B><A HREF="/cgi-bin/man/man2html?3+execvp">execvp</A></B>(3)
|
|
|
|
(which also use the
|
|
<B>PATH</B>
|
|
|
|
environment variable to search for an executable).
|
|
<P>
|
|
|
|
<B>system</B>()
|
|
|
|
will not, in fact, work properly from programs with set-user-ID or
|
|
set-group-ID privileges on systems on which
|
|
<I>/bin/sh</I>
|
|
|
|
is bash version 2: as a security measure, bash 2 drops privileges on startup.
|
|
(Debian uses a different shell,
|
|
<B><A HREF="/cgi-bin/man/man2html?1+dash">dash</A></B>(1),
|
|
|
|
which does not do this when invoked as
|
|
<B>sh</B>.)
|
|
|
|
<P>
|
|
|
|
Any user input that is employed as part of
|
|
<I>command</I>
|
|
|
|
should be
|
|
<I>carefully</I>
|
|
|
|
sanitized, to ensure that unexpected shell commands or command options
|
|
are not executed.
|
|
Such risks are especially grave when using
|
|
<B>system</B>()
|
|
|
|
from a privileged program.
|
|
<A NAME="lbAK"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?1+sh">sh</A></B>(1),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fork">fork</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+sigaction">sigaction</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+sigprocmask">sigprocmask</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+wait">wait</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+exec">exec</A></B>(3),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+signal">signal</A></B>(7)
|
|
|
|
<A NAME="lbAL"> </A>
|
|
<H2>COLOPHON</H2>
|
|
|
|
This page is part of release 5.05 of the Linux
|
|
<I>man-pages</I>
|
|
|
|
project.
|
|
A description of the project,
|
|
information about reporting bugs,
|
|
and the latest version of this page,
|
|
can be found at
|
|
<A HREF="https://www.kernel.org/doc/man-pages/.">https://www.kernel.org/doc/man-pages/.</A>
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="5"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="6"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="7"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="8"><A HREF="#lbAE">RETURN VALUE</A><DD>
|
|
<DT id="9"><A HREF="#lbAF">ERRORS</A><DD>
|
|
<DT id="10"><A HREF="#lbAG">ATTRIBUTES</A><DD>
|
|
<DT id="11"><A HREF="#lbAH">CONFORMING TO</A><DD>
|
|
<DT id="12"><A HREF="#lbAI">NOTES</A><DD>
|
|
<DL>
|
|
<DT id="13"><A HREF="#lbAJ">Caveats</A><DD>
|
|
</DL>
|
|
<DT id="14"><A HREF="#lbAK">SEE ALSO</A><DD>
|
|
<DT id="15"><A HREF="#lbAL">COLOPHON</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:58 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|