system.3: Create a "Caveats" subsection to hold warnings about the use of system()

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man3/system.3 b/man3/system.3
index 9c66242f95969b9684dc982d8b7f8f5063d50fe3..16ac789bcf5bf9f1900a0facc46b6387a95bc856 100644 (file)
--- a/man3/system.3
+++ b/man3/system.3
@@ -174,25 +174,6 @@ while (something) {
 .EE
 .in
 .PP
-Do not use
-.BR system ()
-from a program with set-user-ID or set-group-ID privileges,
-because strange values for some environment variables
-might be used to subvert system integrity.
-Use the
-.BR exec (3)
-family of functions instead, but not
-.BR execlp (3)
-or
-.BR execvp (3).
-.BR system ()
-will not, in fact, work properly from programs with set-user-ID or
-set-group-ID privileges on systems on which
-.I /bin/sh
-is bash version 2, since bash 2 drops privileges on startup.
-(Debian uses a modified bash which does not do this when invoked as
-.BR sh .)
-.PP
 According to POSIX.1, it is unspecified whether handlers registered using
 .BR pthread_atfork (3)
 are called during the execution of
@@ -218,6 +199,27 @@ which yields a
 .BR system ()
 return value that is indistinguishable from the case
 where a shell could not be executed in the child process.
+.\"
+.SS Caveats
+.PP
+Do not use
+.BR system ()
+from a program with set-user-ID or set-group-ID privileges,
+because strange values for some environment variables
+might be used to subvert system integrity.
+Use the
+.BR exec (3)
+family of functions instead, but not
+.BR execlp (3)
+or
+.BR execvp (3).
+.BR system ()
+will not, in fact, work properly from programs with set-user-ID or
+set-group-ID privileges on systems on which
+.I /bin/sh
+is bash version 2, since bash 2 drops privileges on startup.
+(Debian uses a modified bash which does not do this when invoked as
+.BR sh .)
 .SH SEE ALSO
 .BR sh (1),
 .BR execve (2),