The following reply was made to PR bin/34740; it has been noted by GNATS.

From: jnemeth@victoria.tc.ca (John Nemeth)
To: Elad Efrat <elad@NetBSD.org>, gnats-bugs@NetBSD.org
Cc: netbsd-bugs@NetBSD.org
Subject: Re: bin/34740: usr.sbin/user/user.c:asystem hides bugs
Date: Sun, 8 Oct 2006 01:57:45 -0700

 On Feb 27, 11:56am, Elad Efrat wrote:
 } rillig@NetBSD.org wrote:
 } 
 } > The asystem() function does not handle directories containing
 } > white-space. It also does not have error checking to prevent the command
 } > from being truncated.
 } > 
 } >> How-To-Repeat:
 } > 	useradd -d "/home/Roland Illig" roland
 } > 
 } >> Fix:
 } > 
 } > Integrate sysfmt(3) into user.c, which is available from
 } > 
 } >     http://www.schlechte-software.de/sysfmt/
 } 
 } And why can't you just commit the code yourself?
 
      I think a better solution would be to create utility functions for
 this purpose (i.e. add to libutil) and adapt user to use it.  For
 various projects, I have taken both system() and popen() and converted
 them to take full path to command and argv, and use exec* to run the
 command (i.e. safe versions of those functions).
 
 }-- End of excerpt from Elad Efrat