In base R, there are 3 main mechanisms for invoking a system command: system
, system2
, and shell
(which seems to share a manpage with system
). None of them provide a very reliable cross-platform way to run a system command without a shell getting in the way - and if a shell intervenes, we need to worry about shell injection attacks, about making sure the quoting is correct, and so on.
Some languages provide direct access to the C-level execvp
function (e.g. Perl's system PROGRAM LIST
mechanism), which is extremely helpful when I want to make sure that the strings in an array are exactly the strings the subprocess will see in its arguments, without looking around for the appropriate quoting routine for embedded whitespace, quotes, etc. and worrying about what they'll do on different platforms and different versions of shells.
Is there a similar no-shell system-call mechanism available in R, perhaps in a CRAN package somewhere? And/or is there any appetite for creating such a mechanism if there isn't one already?