1SYSTEM(3) Linux Programmer's Manual SYSTEM(3)
2
6 system - execute a shell command
7
9 #include <stdlib.h>
10 int system(const char *command);
12
14 The system() library function uses fork(2) to create a child process
15 that executes the shell command specified in command using execl(3) as
16 follows:
17 execl("/bin/sh", "sh", "-c", command, (char *) 0);
19 system() returns after the command has been completed.
21 During execution of the command, SIGCHLD will be blocked, and SIGINT
23 and SIGQUIT will be ignored, in the process that calls system() (these
24 signals will be handled according to their defaults inside the child
25 process that executes command).
26 If command is NULL, then system() returns a status indicating whether a
28 shell is available on the system.
29
31 The return value of system() is one of the following:
32 * If command is NULL, then a nonzero value if a shell is available, or
34 0 if no shell is available.
35 * If a child process could not be created, or its status could not be
37 retrieved, the return value is -1.
38 * If a shell could not be executed in the child process, then the
40 return value is as though the child shell terminated by calling
41 _exit(2) with the status 127.
42 * If all system calls succeed, then the return value is the termina‐
44 tion status of the child shell used to execute command. (The termi‐
45 nation status of a shell is the termination status of the last com‐
46 mand it executes.)
47 In the last two cases, the return value is a "wait status" that can be
49 examined using the macros described in waitpid(2). (i.e., WIFEXITED(),
50 WEXITSTATUS(), and so on).
51 system() does not affect the wait status of any other children.
53
55 For an explanation of the terms used in this section, see
56 attributes(7).
57 ┌──────────┬───────────────┬─────────┐
59 │Interface │ Attribute │ Value │
60 ├──────────┼───────────────┼─────────┤
61 │system() │ Thread safety │ MT-Safe │
62 └──────────┴───────────────┴─────────┘
64 POSIX.1-2001, POSIX.1-2008, C89, C99.
65
67 system() provides simplicity and convenience: it handles all of the
68 details of calling fork(2), execl(3), and waitpid(2), as well as the
69 necessary manipulations of signals; in addition, the shell performs the
70 usual substitutions and I/O redirections for command. The main cost of
71 system() is inefficiency: additional system calls are required to cre‐
72 ate the process that runs the shell and to execute the shell.
73 If the _XOPEN_SOURCE feature test macro is defined (before including
75 any header files), then the macros described in waitpid(2) (WEXITSTA‐
76 TUS(), etc.) are made available when including <stdlib.h>.
77 As mentioned, system() ignores SIGINT and SIGQUIT. This may make pro‐
79 grams that call it from a loop uninterruptible, unless they take care
80 themselves to check the exit status of the child. For example:
81 while (something) {
83 int ret = system("foo");
84 if (WIFSIGNALED(ret) &&
86 (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT))
87 break;
88 }
89 According to POSIX.1, it is unspecified whether handlers registered
91 using pthread_atfork(3) are called during the execution of system().
92 In the glibc implementation, such handlers are not called.
93 In versions of glibc before 2.1.3, the check for the availability of
95 /bin/sh was not actually performed if command was NULL; instead it was
96 always assumed to be available, and system() always returned 1 in this
97 case. Since glibc 2.1.3, this check is performed because, even though
98 POSIX.1-2001 requires a conforming implementation to provide a shell,
99 that shell may not be available or executable if the calling program
100 has previously called chroot(2) (which is not specified by
101 POSIX.1-2001).
102 It is possible for the shell command to terminate with a status of 127,
104 which yields a system() return value that is indistinguishable from the
105 case where a shell could not be executed in the child process.
106 Caveats
108 Do not use system() from a privileged program (a set-user-ID or set-
109 group-ID program, or a program with capabilities) because strange val‐
110 ues for some environment variables might be used to subvert system
111 integrity. For example, PATH could be manipulated so that an arbitrary
112 program is executed with privilege. Use the exec(3) family of func‐
113 tions instead, but not execlp(3) or execvp(3) (which also use the PATH
114 environment variable to search for an executable).
115 system() will not, in fact, work properly from programs with set-user-
117 ID or set-group-ID privileges on systems on which /bin/sh is bash ver‐
118 sion 2: as a security measure, bash 2 drops privileges on startup.
119 (Debian uses a different shell, dash(1), which does not do this when
120 invoked as sh.)
121 Any user input that is employed as part of command should be carefully
123 sanitized, to ensure that unexpected shell commands or command options
124 are not executed. Such risks are especially grave when using system()
125 from a privileged program.
126
128 sh(1), execve(2), fork(2), sigaction(2), sigprocmask(2), wait(2),
129 exec(3), signal(7)
130
132 This page is part of release 4.16 of the Linux man-pages project. A
133 description of the project, information about reporting bugs, and the
134 latest version of this page, can be found at
135 https://www.kernel.org/doc/man-pages/.
136 2017-09-15 SYSTEM(3)