7

popen buffers output while system does not. is that the only difference?

I understand that popen and system both run the command through the shell. However, is popen() as evil as system()?

Ian
  • 3,500
  • 1
  • 24
  • 25
  • 4
    Anything that runs external programs via shell commands is potentially evil. But as usual, evilness is in the hands of the wielder. – Marc B Jul 28 '11 at 15:54
  • 1
    Watch out! cplusplus.com is well known for lots of errors. The explanation in the linked page is a load of cr@p – BЈовић Jul 28 '11 at 16:04
  • 3
    The most humourous bit of the explanation why `system` is so evil is the fact that the program you run could be infected with malware and that on the other hand some useless anti-malware software might show an alert because running _any other program_ is dangerous. :-) If malware makes it into another program that you call with `system`, then you have an entirely different problem unrelated to `system`, and if your antivirus program complains about launching any other program, then tasks like programming won't be much fun. – Damon Jul 28 '11 at 16:20
  • @VJo do you mean the just the forums or also the docs? – Ian Jul 28 '11 at 16:40
  • 1
    Pretty silly definition of evil. system() and popen() are no more evil than anything. Just be aware you are spinning up another application. If you need to do it then do it. Use popen() if you need to parse the output of the application use system() if you just want the error code. – Martin York Jul 28 '11 at 17:13
  • 1
    @Ian Well, docs, and now I see forum as well. The article is nicely written, but is wrong. – BЈовић Jul 28 '11 at 17:57
  • 5
    "Evil" is just hyperbole. Sadly, people read the hyperbole and see it as meaning "unremitting existential evil that will call the Elder Gods and result in the awakening of Dread Cthulu from his frozen tomb in R'lyeh" when all it really means is "better be careful and know what you're doing." – Charlie Martin Jul 28 '11 at 22:43

2 Answers2

28

Look, the whole thing about "system being evil" is, at heart, people who don't think about the security consequences of their particular use case. The only reason system is "more evil" than doing your own fork/dup/exec is that used badly, it's possible for someone to introduce a malicious command line. So, for example

#include <stdlib.h>

int main(int argc, char** argv){
    (void) system(argv[1]);
}

is certainly dumb, because someone could put, eg, rm -rf / in as the argument. And, of course, something similarly dumb could be done with popen.

But then consider something that does fork and exec using a user string for the command: the exact same vulnerability and stupidity exists.

The evil -- which is to say, the error -- lies in using a random input string as a command without some filtering, not in the system call.

Charlie Martin
  • 110,348
  • 25
  • 193
  • 263
  • `popen` and `system` goes through the shell, and thus is probably more susceptible than raw syscalls. – user877329 Jul 31 '22 at 18:20
  • @user877329 execlp(“bash”,”/bin/bash”,”rm”, “-fr”, “/“, NULL) – Charlie Martin Aug 07 '22 at 14:33
  • Yes, that is true, though for exec, you have a greater opportunity to filter the input, and only allow certain programs to be started. Obviously, the shell should not be allowed in that case. – user877329 Aug 07 '22 at 18:08
8

Neither system nor popen is evil. They are simply easy to use in such a way that cause your programs to be hacked. If you need your binary to run a separate binary, you will need to use one of those calls. Just use it properly.

That being said, system("PAUSE") is kinda excessive, when a simple cin.getline() would work.

Bill Lynch
  • 80,138
  • 16
  • 128
  • 173