Programmer's Ultimate Security DeskRef

Prototype: int _execle( const char *cmdname, const char *arg0, ... const char *argn, NULL, const char *const *envp )
Summary: This function executes a file from within the current shell with an additional argument for an array of environment parameters.
Description: The function will execute a file pointed to by the argument "cmdname", which contains the path to file to be executed. The second set of input arguments ( arg0, arg1, , argN) are command line parameters to be used in the execution of the file. The final input argument is the array of pointers to environmental parameters needed for file execution. Like _execl, the function does not return a value unless an error occurs, as it does not return to the calling process. However, upon an error, a value of -1 is returned and the global variable ERRNO is set.
Risk: This function has the ability to execute a file on the local system. Attackers commonly target functions similar to this since they have the ability to launch potentially dangerous or malicious executables with differing privileges. It is imperative that you filter all input and never allow a user direct access to passing variables as the parameters for this function. Ensure that all special characters are stripped before the data is parsed and passed in addition to limiting access to only the desired executables. Lastly, require that all executable output is controlled within a forked or spawned process within the local application to ensure...