Programmer's Ultimate Security DeskRef

Prototype: int _execlp( const char *cmdname, const char *arg0, ... const char *argn, NULL )
Summary: This function executes a file from within the current shell, searching for it from the PATH environment variable.
Description: The function will execute a file pointed to by the argument "cmdname", searching in the system's PATH for the file. The other input arguments ( arg0, arg1, , argN) are command line parameters to be used in the execution of the file. Ideally, the function does not return a value, as it does not return to the calling process. However, upon an error, a value of -1 is returned and the global variable ERRNO is set.
Risk: This function has the ability to execute a file on the local system. Attackers commonly target functions similar to this since they have the ability to launch potentially dangerous or malicious executables with differing privileges. It is imperative that you filter all input and never allow a user direct access to passing variables as the parameters for this function. Ensure that all special characters are stripped before the data is parsed and passed in addition to limiting access to only the desired executables. Lastly, require that all executable output is controlled within a forked or spawned process within the local application to ensure the integrity of the outputted data. If possible, avoid calling dynamic programs from within applications. Static program execution is more secure.
Note: At time of publication, this function was designed for...