Programmer's Ultimate Security DeskRef

Prototype: int _execvpe( const char *cmdname, const char *const *argv, const char *const *envp )
Summary: This function executes a file with an array of pointers to be passed to the command line using the environment variable PATH, as well as another array of pointers containing environmental parameters.
Description: The function will execute a file pointed to by the argument "cmdname", searching for it using the environmental variable PATH. The next input argument, "argv", is an array command line parameters to be used in the execution of the file. The final input argument is another array of pointers to environmental parameters to be used on execution. Ideally, the function does not return a value, as it does not return to the calling process. However, upon an error, a value of -1 is returned and the global variable ERRNO is set.
Risk: This function has the ability to execute a file on the local system. Attackers commonly target functions similar to this since they have the ability to launch potentially dangerous or malicious executables with differing privileges. It is imperative that you filter all input and never allow a user direct access to passing variables as the parameters for this function. Ensure that all special characters are stripped before the data is parsed and passed in addition to limiting access to only the desired executables. Lastly, require that all executable output is controlled within a forked or spawned process within the local application to ensure the integrity...