SYSTEM(3)                                                    Linux Programmer's Manual                                                   SYSTEM(3)

NAME

       system - execute a shell command

SYNOPSIS

       #include <stdlib.h>

       int system(const char *command);

DESCRIPTION

       The system() library function uses fork(2) to create a child process that executes the shell command specified in command using execl(3) as
       follows:

           execl("/bin/sh", "sh", "-c", command, (char *) 0);

       system() returns after the command has been completed.

       During execution of the command, SIGCHLD will be blocked, and SIGINT and SIGQUIT will be ignored, in the process that calls system() (these
       signals will be handled according to their defaults inside the child process that executes command).

       If command is NULL, then system() returns a status indicating whether a shell is available on the system.

RETURN VALUE

       The return value of system() is one of the following:

       *  If command is NULL, then a nonzero value if a shell is available, or 0 if no shell is available.

       *  If a child process could not be created, or its status could not be retrieved, the return value is -1.

       *  If a shell could not be executed in the child process, then the return value is as though the child shell terminated by calling _exit(2)
          with the status 127.

       *  If all system calls succeed, then the return value is the termination status of the child shell used to execute command.  (The  termina-
          tion status of a shell is the termination status of the last command it executes.)

       In  the  last  two cases, the return value is a "wait status" that can be examined using the macros described in waitpid(2).  (i.e., WIFEX-
       ITED(), WEXITSTATUS(), and so on).

       system() does not affect the wait status of any other children.

ATTRIBUTES

       For an explanation of the terms used in this section, see attributes(7).

       +----------+---------------+---------+
       |Interface | Attribute     | Value   |
       +----------+---------------+---------+
       |system()  | Thread safety | MT-Safe |
       +----------+---------------+---------+
CONFORMING TO

       POSIX.1-2001, POSIX.1-2008, C89, C99.

NOTES

       system() provides simplicity and convenience: it handles all of the details of calling fork(2), execl(3), and waitpid(2), as  well  as  the
       necessary  manipulations  of  signals;  in addition, the shell performs the usual substitutions and I/O redirections for command.  The main
       cost of system() is inefficiency: additional system calls are required to create the process that runs the shell and to execute the shell.

       If the _XOPEN_SOURCE feature test macro is defined (before including any header files), then the macros described in waitpid(2)  (WEXITSTA-
       TUS(), etc.) are made available when including <stdlib.h>.

       As  mentioned, system() ignores SIGINT and SIGQUIT.  This may make programs that call it from a loop uninterruptible, unless they take care
       themselves to check the exit status of the child.  For example:

           while (something) {
               int ret = system("foo");

               if (WIFSIGNALED(ret) &&
                   (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT))
                       break;
           }

       According to POSIX.1, it is unspecified whether handlers registered using pthread_atfork(3) are called during the  execution  of  system().
       In the glibc implementation, such handlers are not called.

       In versions of glibc before 2.1.3, the check for the availability of /bin/sh was not actually performed if command was NULL; instead it was
       always assumed to be available, and system() always returned 1 in this case.  Since glibc 2.1.3, this  check  is  performed  because,  even
       though  POSIX.1-2001  requires a conforming implementation to provide a shell, that shell may not be available or executable if the calling
       program has previously called chroot(2) (which is not specified by POSIX.1-2001).

       It is possible for the shell command to terminate with a status of 127, which yields a system() return value that is indistinguishable from
       the case where a shell could not be executed in the child process.

   Caveats
       Do  not use system() from a privileged program (a set-user-ID or set-group-ID program, or a program with capabilities) because strange val-
       ues for some environment variables might be used to subvert system integrity.  For example, PATH could be manipulated so that an  arbitrary
       program  is  executed with privilege.  Use the exec(3) family of functions instead, but not execlp(3) or execvp(3) (which also use the PATH
       environment variable to search for an executable).

       system() will not, in fact, work properly from programs with set-user-ID or set-group-ID privileges on systems on  which  /bin/sh  is  bash
       version 2: as a security measure, bash 2 drops privileges on startup.  (Debian uses a different shell, dash(1), which does not do this when
       invoked as sh.)

       Any user input that is employed as part of command should be carefully sanitized, to ensure  that  unexpected  shell  commands  or  command
       options are not executed.  Such risks are especially grave when using system() from a privileged program.

SEE ALSO

       sh(1), execve(2), fork(2), sigaction(2), sigprocmask(2), wait(2), exec(3), signal(7)

COLOPHON

       This  page is part of release 4.15 of the Linux man-pages project.  A description of the project, information about reporting bugs, and the
       latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.

                                                                    2017-09-15                                                           SYSTEM(3)