In article <google.com>,
com (Jorge) wrote:
There are two significant "problems" with using system() in this case.
First, there's a very large performance overhead. Your system() call
involves a fork, an exec, loading a shell, having the shell p its
parameters, having the shell fork and exec, and finally having cp
execute. So you create two processes to copy a file.
Second, it's nearly impossible to correctly and safely use
user-specified files with system(). This is because the string is passed
straight to the shell, and the shell doesn't know that you want a file
and then another file. Spaces in the filename will break the command, so
your program would have to search for those and escape them. The same
goes for a lot of other special characters. If you forget one, then
you're potentially unsafe. Remember the iTunes installer bug a while
back that wiped out a few people's hard drives? That was beacuse they
forgot about this, didn't escape spaces, and a hard drive with a space
in its name got pd as two arguments.
In summary, system() is fine for things internal to your program if you
don't mind it being slow (if you just have to copy one file it's
probably no big deal), but should pretty much never be used with data
from the user. (And if you use it with data coming in off the network
from an untrusted source, you should have your computer taken away.)