Programmer's Ultimate Security DeskRef

_execvpe

Prototype: int _execvpe( const char *cmdname, const char *const *argv, const char *const *envp )

Summary: This function executes a file with an array of pointers to be passed to the command line using the environment variable PATH, as well as another array of pointers containing environmental parameters.

Description: The function will execute a file pointed to by the argument "cmdname", searching for it using the environmental variable PATH. The next input argument, "argv", is an array command line parameters to be used in the execution of the file. The final input argument is another array of pointers to environmental parameters to be used on execution. Ideally, the function does not return a value, as it does not return to the calling process. However, upon an error, a value of -1 is returned and the global variable ERRNO is set.

Risk: This function has the ability to execute a file on the local system. Attackers commonly target functions similar to this since they have the ability to launch potentially dangerous or malicious executables with differing privileges. It is imperative that you filter all input and never allow a user direct access to passing variables as the parameters for this function. Ensure that all special characters are stripped before the data is parsed and passed in addition to limiting access to only the desired executables. Lastly, require that all executable output is controlled within a forked or spawned process within the local application to ensure the integrity...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Signal Isolators
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.