New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi-argument system() invokes the shell under Win32 #8961
Comments
From @pjfG'day wonderful maintainers, I've discovered that under Win32 systems the multi-argument version of system("this_command_does_not_exist",1); A warning ('this_command_does_not_exist' is not recognised as an internal or As far as I can tell, whenever the win32 port of Perl fails to start a There are two issues this presents: 1) It's very difficult to tell the difference between a 2) The shell may be invoked even though the multi-argument Having the multi-argument form of system always avoid the shell overcomes Of course, our risk here is that if anyone's actually been relying upon this I believe our other option is to document this in perlfunc, perlport and I'm happy to do the legwork here (be it documentation or code), but I'm I'll be independently upgrading IPC::System::Simple on the CPAN in the next Cheerio, Paul Obligatory perl -V data follows. Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Characteristics of this binary (from libperl): |
From @pjfG'day p5p, This is just a nudge on this bug, since I potentially have some free ---cut here--- system("echo", "%PATH%"); # works fine on Win32 And here's the crux of the problem. Currently, that does work fine under Using an indirect object with "exec" or "system" is also more @args = ( "echo surprise" ); exec @args; # subject to shell escapes exec { $args[0] } @args; # safe even with one-arg list Under Windows, Perl's system() is currently doing exactly what it ---cut here--- My fear here is that people may expecting multi-argument system under Do we: 1) Change multi-argument system() under Windows to never use the code. 2) Emit some sort of deprecation warning when multi-arg system() under 3) Leave the code as-is, and fix the documentation. This is easy, and 4) Same as (3), but provide some sort of mechanism to *make* them work use feature 'system'; Except probably with a less ambiguous name than just 'system'. This 5) Same a (3), but bundle a core module that people can use to make it Feedback and thoughts would be greatly appreciated. If you don't know, Cheerio, Paul -- |
The RT System itself - Status changed from 'new' to 'open' |
From @pjf(Reposting to p5p, since I didn't realise that a simple response via RT G'day p5p, This is just a nudge on this bug, since I potentially have some free ---cut here--- system("echo", "%PATH%"); # works fine on Win32 And here's the crux of the problem. Currently, that does work fine under Using an indirect object with "exec" or "system" is also more @args = ( "echo surprise" ); exec @args; # subject to shell escapes exec { $args[0] } @args; # safe even with one-arg list Under Windows, Perl's system() is currently doing exactly what it ---cut here--- My fear here is that people may expecting multi-argument system under Do we: 1) Change multi-argument system() under Windows to never use the code. 2) Emit some sort of deprecation warning when multi-arg system() under 3) Leave the code as-is, and fix the documentation. This is easy, and 4) Same as (3), but provide some sort of mechanism to *make* them work use feature 'system'; Except probably with a less ambiguous name than just 'system'. This 5) Same a (3), but bundle a core module that people can use to make it Feedback and thoughts would be greatly appreciated. If you don't know, Cheerio, Paul -- |
From @demerphqOn 7/11/07, Paul Fenwick <pjf@perltraining.com.au> wrote:
If its done as part of a major upgrade its fair IMO. But if Jan Dubois or Steve Hay were to disagree with me id bow to their opinion. Yves -- |
From @bulk88On Wed Jul 11 06:38:37 2007, demerphq wrote:
CCing them. I played around with this bug a little bit, when you feed a list to system('echo', ' & echo JAPH'); becomes echo " & echo JAPH" which fails,so it is retried to CreateProcess as cmd.exe /x/d/c "echo " & echo JAPH"" yes those 2 double quotes look funny. The result printed to console is C:\p517\perl> C:\p517\perl> |
From @janduboisOn Wed, Dec 26, 2012 at 5:43 PM, bulk88 via RT <perlbug-followup@perl.org>wrote:
I agree with Yves. I think the current behavior is a bug, and fixing it Cheers, |
This is still broken. I have an unfinished patch that fixes both this and #13190, but since it's a breaking change and we're almost in the user-visible changes freeze, I'll probably make a PR early in 5.34 release cycle. |
Thanks! I have added a 5.34.0 milestone so we don't forget. |
Migrated from rt.perl.org#43631 (status was 'open')
Searchable as RT43631$
The text was updated successfully, but these errors were encountered: