Glad the teacher said it is allowed. Actually I would have a bigger problem is this was a real-life issue -- what you are trying to do is exploit a security hole, and that's not a good idea in the real world.
This exercise is designed to show you how careful you have to be when writing code so that you don't open big security holes in the system. The "ls" command does not have any option to exec another program. The program adds absolutely anything you have in the arg1 to the end of the string "/bin/ls". If you know shell, you know that the ";" character separates two commands. Can you think of a way to set up the argument so that it has a semi-colon and then the command you want to run?