1. 10
  1. 3

    This C library provides prepared statements for the system() function. It’s under the Apache license.

    1. 3

      Maybe you can see the appeal of adopting something like this:

      return systemf1("/bin/mymagicfunc %s", user_input);
      

      but I’m wary of what looks like a lot of parsing and other junk. Most of the time I’ll just do this:

      setenv("a", user_input, 1);
      return system("/bin/mymagicfunc \"$a\"");
      

      which is almost as convenient, has the same “security advantage” of systemf (handling spaces and special characters in user_input) and the further advantage of “a whole lot less code”, not to mention less code written by Cisco.

      1. 1

        I agree with @geocar that the formatting bits are somewhat concerning. Especially since they use nonstandard format specifiers and so can’t take advantage of compiler warnings like -Wformat.
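
The environment-variable approach from the thread, next to plain string concatenation, as an added example that is not part of any post and is not code from systemf. The helper names, the `DEMO_ARG` variable and the sample inputs are assumptions made for illustration; `printf` stands in for `/bin/mymagicfunc` so the result can be captured.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Run cmd through /bin/sh (via popen) and capture its stdout in out. */
static int capture(const char *cmd, char *out, size_t outlen)
{
    FILE *p = popen(cmd, "r");
    if (p == NULL)
        return -1;
    size_t n = fread(out, 1, outlen - 1, p);
    out[n] = '\0';
    return pclose(p) == 0 ? 0 : -1;
}

/* "Before": untrusted text becomes part of the command the shell parses. */
int echo_via_concat(const char *user_input, char *out, size_t outlen)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "printf '%%s' \"%s\"", user_input);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    return capture(cmd, out, outlen);
}

/* "After": constant command text; the value is expanded inside double quotes. */
int echo_via_env(const char *user_input, char *out, size_t outlen)
{
    if (setenv("DEMO_ARG", user_input, 1) != 0) /* hypothetical variable name */
        return -1;
    int rc = capture("printf '%s' \"$DEMO_ARG\"", out, outlen);
    unsetenv("DEMO_ARG"); /* do not leak the value to later child processes */
    return rc;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the thread. */
    const char *samples[] = { "two words", "a\"; echo injected; \"", "$(echo sub) *" };
    char buf[256] = "";
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        echo_via_env(samples[i], buf, sizeof buf);
        printf("env:    [%s]\n", buf);
        echo_via_concat(samples[i], buf, sizeof buf);
        printf("concat: [%s]\n", buf);
    }
    return 0;
}
```

Quoting the expansion keeps the shell from re-parsing the value, but the invoked program still sees it as an ordinary argument, so a value starting with `-` can be read as an option unless the command line places `--` before it. `setenv` also changes process-wide state and is not thread-safe.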