.EE
.in
.PP
-Do not use
-.BR system ()
-from a program with set-user-ID or set-group-ID privileges,
-because strange values for some environment variables
-might be used to subvert system integrity.
-Use the
-.BR exec (3)
-family of functions instead, but not
-.BR execlp (3)
-or
-.BR execvp (3).
-.BR system ()
-will not, in fact, work properly from programs with set-user-ID or
-set-group-ID privileges on systems on which
-.I /bin/sh
-is bash version 2, since bash 2 drops privileges on startup.
-(Debian uses a modified bash which does not do this when invoked as
-.BR sh .)
-.PP
According to POSIX.1, it is unspecified whether handlers registered using
.BR pthread_atfork (3)
are called during the execution of
.BR system ()
return value that is indistinguishable from the case
where a shell could not be executed in the child process.
+.\"
+.SS Caveats
+.PP
+Do not use
+.BR system ()
+from a program with set-user-ID or set-group-ID privileges,
+because strange values for some environment variables
+might be used to subvert system integrity.
+Use the
+.BR exec (3)
+family of functions instead, but not
+.BR execlp (3)
+or
+.BR execvp (3).
+.BR system ()
+will not, in fact, work properly from programs with set-user-ID or
+set-group-ID privileges on systems on which
+.I /bin/sh
+is bash version 2, since bash 2 drops privileges on startup.
+(Debian uses a modified bash which does not do this when invoked as
+.BR sh .)
.SH SEE ALSO
.BR sh (1),
.BR execve (2),