2 .\" Copyright (c) 1993 by Thomas Koenig (ig25@rz.uni-karlsruhe.de)
3 .\" and Copyright (c) 2014 by Michael Kerrisk <mtk.manpages@gmail.com>
5 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
7 .\" Modified Sat Jul 24 17:51:15 1993 by Rik Faith (faith@cs.unc.edu)
8 .\" Modified 11 May 1998 by Joseph S. Myers (jsm28@cam.ac.uk)
9 .\" Modified 14 May 2001, 23 Sep 2001 by aeb
12 .TH system 3 (date) "Linux man-pages (unreleased)"
14 system \- execute a shell command
17 .RI ( libc ", " \-lc )
20 .B #include <stdlib.h>
22 .BI "int system(const char *" "command" );
27 library function behaves as if it used
29 to create a child process that executed the shell command specified in
37 execl("/bin/sh", "sh", "\-c", command, (char *) NULL);
42 returns after the command has been completed.
44 During execution of the command,
50 will be ignored, in the process that calls
52 (These signals will be handled according to their defaults inside
53 the child process that executes
60 returns a status indicating whether a shell is available on the system.
64 is one of the following:
68 is NULL, then a nonzero value if a shell is available,
69 or 0 if no shell is available.
71 If a child process could not be created,
72 or its status could not be retrieved,
73 the return value is \-1 and
75 is set to indicate the error.
77 If a shell could not be executed in the child process,
78 then the return value is as though the child shell terminated by calling
82 If all system calls succeed,
83 then the return value is the termination status of the child shell
86 (The termination status of a shell is the termination status of
87 the last command it executes.)
89 In the last two cases,
90 the return value is a "wait status" that can be examined using
91 the macros described in
99 does not affect the wait status of any other children.
102 can fail with any of the same errors as
105 For an explanation of the terms used in this section, see
113 Interface Attribute Value
116 T} Thread safety MT-Safe
122 POSIX.1-2001, POSIX.1-2008, C99.
125 provides simplicity and convenience:
126 it handles all of the details of calling
131 as well as the necessary manipulations of signals;
133 the shell performs the usual substitutions and I/O redirections for
138 additional system calls are required to create the process that
139 runs the shell and to execute the shell.
143 feature test macro is defined
147 then the macros described in
149 .RB ( WEXITSTATUS (),
150 etc.) are made available when including
159 This may make programs that call it
160 from a loop uninterruptible, unless they take care themselves
161 to check the exit status of the child.
167 int ret = system("foo");
169 if (WIFSIGNALED(ret) &&
170 (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT))
176 According to POSIX.1, it is unspecified whether handlers registered using
177 .BR pthread_atfork (3)
178 are called during the execution of
180 In the glibc implementation, such handlers are not called.
182 Before glibc 2.1.3, the check for the availability of
184 was not actually performed if
186 was NULL; instead it was always assumed to be available, and
188 always returned 1 in this case.
189 Since glibc 2.1.3, this check is performed because, even though
190 POSIX.1-2001 requires a conforming implementation to provide
191 a shell, that shell may not be available or executable if
192 the calling program has previously called
194 (which is not specified by POSIX.1-2001).
196 It is possible for the shell command to terminate with a status of 127,
199 return value that is indistinguishable from the case
200 where a shell could not be executed in the child process.
205 from a privileged program
206 (a set-user-ID or set-group-ID program, or a program with capabilities)
207 because strange values for some environment variables
208 might be used to subvert system integrity.
211 could be manipulated so that an arbitrary program
212 is executed with privilege.
215 family of functions instead, but not
221 environment variable to search for an executable).
224 will not, in fact, work properly from programs with set-user-ID or
225 set-group-ID privileges on systems on which
227 is bash version 2: as a security measure, bash 2 drops privileges on startup.
228 (Debian uses a different shell,
230 which does not do this when invoked as
233 Any user input that is employed as part of
237 sanitized, to ensure that unexpected shell commands or command options
239 Such risks are especially grave when using
241 from a privileged program.
243 .\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
244 .\" [glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
245 .\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
246 If the command name starts with a hyphen,
248 interprets the command name as an option,
249 and the behavior is undefined.
254 To work around this problem,
255 prepend the command with a space as in the following call:
259 system(" \-unfortunate\-command\-name");