bionic (3) system.3.gz

NAME

       system - execute a shell command

SYNOPSIS

       #include <stdlib.h>

       int system(const char *command);

DESCRIPTION

       The  system()  library  function  uses  fork(2) to create a child process that executes the shell command
       specified in command using execl(3) as follows:

           execl("/bin/sh", "sh", "-c", command, (char *) 0);

       system() returns after the command has been completed.

       During execution of the command, SIGCHLD will be blocked, and SIGINT and SIGQUIT will be ignored, in  the
       process  that  calls system() (these signals will be handled according to their defaults inside the child
       process that executes command).

       If command is NULL, then system() returns a status indicating whether a shell is available on the system.

RETURN VALUE

       The return value of system() is one of the following:

       *  If command is NULL, then a nonzero value if a shell is available, or 0 if no shell is available.

       *  If a child process could not be created, or its status could not be retrieved, the return value is -1.

       *  If a shell could not be executed in the child process, then the return value is as  though  the  child
          shell terminated by calling _exit(2) with the status 127.

       *  If  all  system calls succeed, then the return value is the termination status of the child shell used
          to execute command.  (The termination status of a shell is the termination status of the last  command
          it executes.)

       In  the  last  two  cases,  the  return  value  is  a "wait status" that can be examined using the macros
       described in waitpid(2).  (i.e., WIFEXITED(), WEXITSTATUS(), and so on).

       system() does not affect the wait status of any other children.

ATTRIBUTES

       For an explanation of the terms used in this section, see attributes(7).

       ┌──────────┬───────────────┬─────────┐
       │Interface │ Attribute     │ Value   │
       ├──────────┼───────────────┼─────────┤
       │system()  │ Thread safety │ MT-Safe │
       └──────────┴───────────────┴─────────┘

CONFORMING TO

       POSIX.1-2001, POSIX.1-2008, C89, C99.

NOTES

       system() provides simplicity and convenience: it handles all of the details of calling fork(2), execl(3),
       and  waitpid(2),  as  well as the necessary manipulations of signals; in addition, the shell performs the
       usual substitutions and I/O redirections for  command.   The  main  cost  of  system()  is  inefficiency:
       additional system calls are required to create the process that runs the shell and to execute the shell.

       If  the  _XOPEN_SOURCE feature test macro is defined (before including any header files), then the macros
       described in waitpid(2) (WEXITSTATUS(), etc.) are made available when including <stdlib.h>.

       As mentioned, system() ignores SIGINT and SIGQUIT.  This may make programs  that  call  it  from  a  loop
       uninterruptible, unless they take care themselves to check the exit status of the child.  For example:

           while (something) {
               int ret = system("foo");

               if (WIFSIGNALED(ret) &&
                   (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT))
                       break;
           }

       According  to  POSIX.1,  it is unspecified whether handlers registered using pthread_atfork(3) are called
       during the execution of system().  In the glibc implementation, such handlers are not called.

       In versions of glibc before 2.1.3, the check for the availability of /bin/sh was not  actually  performed
       if  command  was  NULL;  instead it was always assumed to be available, and system() always returned 1 in
       this case.  Since glibc 2.1.3, this check is performed  because,  even  though  POSIX.1-2001  requires  a
       conforming  implementation  to  provide  a  shell,  that  shell may not be available or executable if the
       calling program has previously called chroot(2) (which is not specified by POSIX.1-2001).

       It is possible for the shell command to terminate with a status of 127, which yields  a  system()  return
       value that is indistinguishable from the case where a shell could not be executed in the child process.

   Caveats
       Do  not  use system() from a privileged program (a set-user-ID or set-group-ID program, or a program with
       capabilities) because strange values for some environment variables  might  be  used  to  subvert  system
       integrity.   For  example,  PATH  could  be  manipulated  so  that  an arbitrary program is executed with
       privilege.  Use the exec(3) family of functions instead, but not execlp(3) or execvp(3) (which  also  use
       the PATH environment variable to search for an executable).

       system()  will  not,  in fact, work properly from programs with set-user-ID or set-group-ID privileges on
       systems on which /bin/sh is bash version 2: as a security measure, bash 2 drops  privileges  on  startup.
       (Debian uses a different shell, dash(1), which does not do this when invoked as sh.)

       Any  user  input  that  is  employed  as  part  of  command should be carefully sanitized, to ensure that
       unexpected shell commands or command options are not executed.  Such  risks  are  especially  grave  when
       using system() from a privileged program.

SEE ALSO

       sh(1), execve(2), fork(2), sigaction(2), sigprocmask(2), wait(2), exec(3), signal(7)

COLOPHON

       This  page  is  part  of  release  4.15  of  the  Linux man-pages project.  A description of the project,
       information  about  reporting  bugs,  and  the  latest  version  of  this   page,   can   be   found   at
       https://www.kernel.org/doc/man-pages/.

                                                   2017-09-15                                          SYSTEM(3)