diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 73f46ecc3..5ae017212 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -810,7 +810,6 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") {
 function system_syslogd_start()
 {
     global $config, $g;
-    $retval = null;
 
     /* XXX temporary hook for newsyslog.conf regeneration */
     configd_run('template reload OPNsense.Syslog');
@@ -927,7 +926,6 @@ EOD;
             exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run");
         }
 
-        $sourceip = "";
         if (!empty($syslogcfg['sourceip'])) {
             if ($syslogcfg['ipproto'] == "ipv6") {
                 $ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ipv6($syslogcfg['sourceip']);
@@ -941,11 +939,12 @@ EOD;
                 }
             }
             if (is_ipaddr($ifaddr)) {
-                $sourceip = "-b {$ifaddr}";
+                $syslogd_extra .= exec_safe('-b %s ', $ifaddr);
             }
         }
 
-        $syslogd_extra = "-f /var/etc/syslog.conf {$sourceip}";
+        $syslogd_extra .= exec_safe('-f %s ', '/var/etc/syslog.conf');
+
         // setup log files for all facilities including default
         $default_logfile_size = !empty($syslogcfg['logfilesize']) ? $syslogcfg['logfilesize'] : '511488';
         $syslog_files = array_keys($syslogconfs);
@@ -962,14 +961,15 @@ EOD;
     if (isvalidpid('/var/run/syslog.pid')) {
         killbypid('/var/run/syslog.pid', 'HUP');
     } else {
-        $retval = mwexec_bg("/usr/local/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -P /var/run/syslog.pid {$syslogd_extra}");
+        mwexecf_bg(
+            "/usr/local/sbin/syslogd -s -c -c -l %s -P %s {$syslogd_extra}",
+            array("{$g['dhcpd_chroot_path']}/var/run/log", '/var/run/syslog.pid')
+        );
     }
 
     if (file_exists("/var/run/booting")) {
         echo gettext("done.") . "\n";
     }
-
-    return $retval;
 }
 
 function system_webgui_configure()
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 9b6133609..ab613ef98 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1,6 +1,7 @@
 <?php
 
 /*
+    Copyright (C) 2015-2016 Franco Fichtner <franco@opnsense.org>
     Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
     All rights reserved.
 
@@ -980,22 +981,6 @@ function exec_command($command)
     return(implode("\n", $output));
 }
 
-/* wrapper for mwexec() ;) */
-function mwexecf($format, $args = array(), $mute = false)
-{
-    if (!is_array($args)) {
-        /* just in case there's only one argument */
-        $args = array($args);
-    }
-
-    foreach ($args as $id => $arg) {
-        $args[$id] = escapeshellarg($arg);
-    }
-
-    return mwexec(vsprintf($format, $args), $mute);
-}
-
-/* wrapper for exec() */
 function mwexec($command, $mute = false)
 {
     $oarr = array();
@@ -1015,12 +1000,35 @@ function mwexec($command, $mute = false)
     return $retval;
 }
 
-/* wrapper for exec() in background */
 function mwexec_bg($command, $mute = false)
 {
     mwexec("/usr/sbin/daemon -f {$command}", $mute);
 }
 
+function exec_safe($format, $args = array())
+{
+    if (!is_array($args)) {
+        /* just in case there's only one argument */
+        $args = array($args);
+    }
+
+    foreach ($args as $id => $arg) {
+        $args[$id] = escapeshellarg($arg);
+    }
+
+    return vsprintf($format, $args);
+}
+
+function mwexecf($format, $args = array(), $mute = false)
+{
+    return mwexec(exec_safe($format, $args), $mute);
+}
+
+function mwexecf_bg($format, $args = array(), $mute = false)
+{
+    mwexec_bg(exec_safe($format, $args), $mute);
+}
+
 
 /* check if an alias exists */
 function is_alias($name)