[External] security holes in system2
command <- paste(c(env, shQuote(command), args), collapse = " ")
What horror! Please fix or document the fact that system2 executes its
ARGUMENTS and not just the command.
Aside from being relevant to data scientists, it's a big security hole. It
means that, in some cases, something that looks like plain text in my R
code will end up being executed as a command on my system, which seems
dangerous to me.
If this is affecting you now and you need a solution then the `sys` package
has `exec_wait`:
The hacker tries and succeeds in running `rm` with `system2`:
> system2("echo", args="hello world ; rm /etc/systemfile")
hello world
rm: cannot remove '/etc/systemfile': No such file or directory
because the semicolon starts a new command, but fails with `sys::exec_wait`:
sys::exec_wait("echo", args="hello world ; rm /etc/systemfile")
hello world ; rm /etc/systemfile
where it echoes all the args. For simple applications it should be a drop-in replacement.
best,
Bobby Tables
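
Added example, not part of the original messages and not R's own code: it rebuilds the shell string from the line quoted at the top of the thread to show why the semicolon is interpreted, then passes the same text through `shQuote()` so it reaches `echo` as one literal argument. The helper names `build_system2_command` and `system2_quoted` are hypothetical, and a Unix-like system with `sh` is assumed.

```r
# Mirrors the line quoted at the top of the thread: only `command` is
# quoted; `args` are pasted into the shell string exactly as given.
build_system2_command <- function(command, args = character(), env = character()) {
  paste(c(env, shQuote(command), args), collapse = " ")
}

# Hypothetical wrapper: quote every argument so the shell treats each one
# as a single literal word instead of parsing it for metacharacters.
system2_quoted <- function(command, args = character(), ...) {
  system2(command, args = shQuote(args), ...)
}

# Constructed input: the argument string used in the thread's example.
untrusted <- "hello world ; rm /etc/systemfile"

raw_cmd    <- build_system2_command("echo", untrusted)
quoted_cmd <- build_system2_command("echo", shQuote(untrusted))

# Show what the shell is handed in each case (nothing is executed here).
cat("unquoted:", raw_cmd, "\n")
cat("quoted:  ", quoted_cmd, "\n")

# In the unquoted string the ';' sits outside any quotes, so the shell
# splits it into two commands. In the quoted string it is inside '...'.
stopifnot(grepl("; rm", raw_cmd, fixed = TRUE))
stopifnot(identical(quoted_cmd, paste(shQuote("echo"), shQuote(untrusted))))

# Only the quoted form is actually run: echo receives the whole string
# as one argument and prints it back unchanged.
out <- system2_quoted("echo", untrusted, stdout = TRUE)
stopifnot(identical(out, untrusted))
```

Quoting stops the shell from parsing the argument, but the called program still sees it, so a value beginning with `-` can still be read as an option by that program.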