Are system() calls evil?

Question

I am designing an C++ app that, among other things, executes a few scripts every now and then. The app should be efficient and preferably platform independent.

The i

Answer 1

3) It is not quite platform independent (Now, this would be a concern. I would really love to see an example where it behaves differently on different platforms)

Well, for instance system("ls") would probably fail in Windows, since there is no ls command.

4) It is a security concern. (Again, this would be an issue. Can someone provide an example of a potential security problem with system() ? )

If the argument passed to system comes from user input, and not properly validated, it can be used to execute unwanted things with the privilege levels of the original executer. If its static content, its quite easy to find that within an executable image and modify it to do nasty things as well.