Programmer's Ultimate Security DeskRef

Prototype: int _execlpe( const char *cmdname, const char *arg0, const char *argn, NULL, const char *const *envp )
Summary: This function executes a file from within the current shell, searching for it from the PATH environment variable, with a separate input for environmental parameters.
Description: The function will execute a file pointed to by the argument "cmdname", searching for it in the system's PATH environment variable. The next input arguments ( arg0, arg1, , argN) are command line parameters to be used in the execution of the file. The final input argument is the array of pointers to environmental parameters needed for file execution. Ideally, the function does not return a value, as it does not return to the calling process. However, upon an error, a value of -1 is returned and the global variable ERRNO is set.
Risk: This function has the ability to execute a file on the local system. Attackers commonly target functions similar to this since they have the ability to launch potentially dangerous or malicious executables with differing privileges. It is imperative that you filter all input and never allow a user direct access to passing variables as the parameters for this function. Ensure that all special characters are stripped before the data is parsed and passed in addition to limiting access to only the desired executables. Lastly, require that all executable output is controlled within a forked or spawned process within the local application to ensure the integrity of...