[Unix-specific; followups to comp.unix.questions]
Beware system(). It calls /bin/sh to do its dirty work, which is oneQuote:>system ("command > /dev/null 2>&1");
reason it's so attractive to novice Unix programmers. However, if
anything in the command line is non-constant, then system() usally is
a security hole. Ignoring buffer size issues for the moment,
sprintf(buf, "/usr/lib/sendmail -oem '%s' <%s", address, tempfile);
Looks great, right? But what if the address is "'; rm -rf $HOME; '"?
Bzzt! You lose the security sweepstakes. I hope you have backups...