1.\" $NetBSD: execve.2,v 1.31 2003/04/16 13:34:51 wiz Exp $ 2.\" 3.\" Copyright (c) 1980, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the University of 17.\" California, Berkeley and its contributors. 18.\" 4. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)execve.2 8.5 (Berkeley) 6/1/94 35.\" 36.Dd August 11, 2002 37.Dt EXECVE 2 38.Os 39.Sh NAME 40.Nm execve 41.Nd execute a file 42.Sh LIBRARY 43.Lb libc 44.Sh SYNOPSIS 45.In unistd.h 46.Ft int 47.Fn execve "const char *path" "char *const argv[]" "char *const envp[]" 48.Sh DESCRIPTION 49.Fn execve 50transforms the calling process into a new process. 51The new process is constructed from an ordinary file, 52whose name is pointed to by 53.Fa path , 54called the 55.Em new process file . 56This file is either an executable object file, 57or a file of data for an interpreter. 58An executable object file consists of an identifying header, 59followed by pages of data representing the initial program (text) 60and initialized data pages. 61Additional pages may be specified 62by the header to be initialized with zero data; see 63.Xr a.out 5 . 64.Pp 65An interpreter file begins with a line of the form: 66.Pp 67.Bd -filled -offset indent -compact 68.Sy \&#! 69.Em interpreter 70.Bq Em arg 71.Ed 72.Pp 73When an interpreter file is 74.Fn execve Ns d 75the system runs the specified 76.Em interpreter . 77If the optional 78.Em arg 79is specified, it becomes the first argument to the 80.Em interpreter , 81and the name of the originally 82.Fn execve Ns d 83file becomes the second argument; 84otherwise, the name of the originally 85.Fn execve Ns d 86file becomes the first argument. 87The original arguments are shifted over to become the subsequent arguments. 88The zeroth argument, normally the name of the 89.Fn execve Ns d 90file, is left unchanged. 91The interpreter named by 92.Em interpreter 93must not itself be an interpreter file. 94.Pp 95The argument 96.Fa argv 97is a pointer to a null-terminated array of 98character pointers to null-terminated character strings. 99These strings construct the argument list to be made available to the new 100process. 101By custom, the first element should be 102the name of the executed program (for example, the last component of 103.Fa path ) . 104.Pp 105The argument 106.Fa envp 107is also a pointer to a null-terminated array of 108character pointers to null-terminated strings. 109A pointer to this array is normally stored in the global variable 110.Va environ . 111These strings pass information to the 112new process that is not directly an argument to the command (see 113.Xr environ 7 ) . 114.Pp 115File descriptors open in the calling process image remain open in 116the new process image, except for those for which the close-on-exec 117flag is set (see 118.Xr close 2 119and 120.Xr fcntl 2 ) . 121Descriptors that remain open are unaffected by 122.Fn execve . 123.Pp 124In the case of a new setuid or setgid executable being executed, if 125file descriptors 0, 1, or 2 (representing stdin, stdout, and stderr) 126are currently unallocated, these descriptors will be opened to point to 127some system file like 128.Pa /dev/null . 129The intent is to ensure these descriptors are not unallocated, since 130many libraries make assumptions about the use of these 3 file descriptors. 131.Pp 132Signals set to be ignored in the calling process are set to be ignored in 133the new process. 134Signals which are set to be caught in the calling process image 135are set to default action in the new process image. 136Blocked signals remain blocked regardless of changes to the signal action. 137The signal stack is reset to be undefined (see 138.Xr sigaction 2 139for more information). 140.Pp 141If the set-user-ID mode bit of the new process image file is set 142(see 143.Xr chmod 2 ) , 144the effective user ID of the new process image is set to the owner ID 145of the new process image file. 146If the set-group-ID mode bit of the new process image file is set, 147the effective group ID of the new process image is set to the group ID 148of the new process image file. 149(The effective group ID is the first element of the group list.) 150The real user ID, real group ID and 151other group IDs of the new process image remain the same as the calling 152process image. 153After any set-user-ID and set-group-ID processing, 154the effective user ID is recorded as the saved set-user-ID, 155and the effective group ID is recorded as the saved set-group-ID. 156These values may be used in changing the effective IDs later (see 157.Xr setuid 2 ) . 158.ne 1i 159.Pp 160The new process also inherits the following attributes from 161the calling process: 162.Pp 163.Bl -column parent_process_ID -offset indent -compact 164.It process ID Ta see Xr getpid 2 165.It parent process ID Ta see Xr getppid 2 166.It process group ID Ta see Xr getpgrp 2 167.It access groups Ta see Xr getgroups 2 168.It working directory Ta see Xr chdir 2 169.It root directory Ta see Xr chroot 2 170.It control terminal Ta see Xr termios 4 171.It resource usages Ta see Xr getrusage 2 172.It interval timers Ta see Xr getitimer 2 173.It resource limits Ta see Xr getrlimit 2 174.It file mode mask Ta see Xr umask 2 175.It signal mask Ta see Xr sigaction 2 , 176.Xr sigprocmask 2 177.El 178.Pp 179When a program is executed as a result of an 180.Fn execve 181call, it is entered as follows: 182.Bd -literal -offset indent 183main(argc, argv, envp) 184int argc; 185char **argv, **envp; 186.Ed 187.Pp 188where 189.Fa argc 190is the number of elements in 191.Fa argv 192(the 193.Dq arg count ) 194and 195.Fa argv 196points to the array of character pointers 197to the arguments themselves. 198.Sh RETURN VALUES 199As the 200.Fn execve 201function overlays the current process image 202with a new process image the successful call 203has no process to return to. 204If 205.Fn execve 206does return to the calling process an error has occurred; the 207return value will be -1 and the global variable 208.Va errno 209is set to indicate the error. 210.Sh ERRORS 211.Fn execve 212will fail and return to the calling process if: 213.Bl -tag -width Er 214.It Bq Er ENOTDIR 215A component of the path prefix is not a directory. 216.It Bq Er ENAMETOOLONG 217A component of a pathname exceeded 218.Dv {NAME_MAX} 219characters, or an entire path name exceeded 220.Dv {PATH_MAX} 221characters. 222.It Bq Er ENOENT 223The new process file does not exist. 224.It Bq Er ELOOP 225Too many symbolic links were encountered in translating the pathname. 226.It Bq Er EACCES 227Search permission is denied for a component of the path prefix, 228the new process file is not an ordinary file, 229its file mode denies execute permission, or 230it is on a filesystem mounted with execution 231disabled 232.Pf ( Dv MNT_NOEXEC 233in 234.Ao Pa sys/mount.h Ac ) . 235.It Bq Er ENOEXEC 236The new process file has the appropriate access 237permission, but has an invalid magic number in its header. 238.It Bq Er ETXTBSY 239The new process file is a pure procedure (shared text) 240file that is currently open for writing or reading by some process. 241.ne 1i 242.It Bq Er ENOMEM 243The new process requires more virtual memory than 244is allowed by the imposed maximum 245.Pq Xr getrlimit 2 . 246.It Bq Er E2BIG 247The number of bytes in the new process's argument list 248is larger than the system-imposed limit. 249The limit in the system as released is 262144 bytes 250.Pf ( Dv NCARGS 251in 252.Ao Pa sys/param.h Ac ) . 253.It Bq Er EFAULT 254The new process file is not as long as indicated by 255the size values in its header. 256.It Bq Er EFAULT 257.Fa path , 258.Fa argv , 259or 260.Fa envp 261point 262to an illegal address. 263.It Bq Er EIO 264An I/O error occurred while reading from the file system. 265.El 266.Sh SEE ALSO 267.Xr _exit 2 , 268.Xr fork 2 , 269.Xr execl 3 , 270.Xr environ 7 271.Sh STANDARDS 272The 273.Fn execve 274function conforms to 275.St -p1003.1-90 . 276.Sh HISTORY 277The 278.Fn execve 279function call appeared in 280.Bx 4.2 . 281.Sh BUGS 282If a program is 283.Em setuid 284to a non-super-user, but is executed when 285the real 286.Em uid 287is 288.Dq root , 289then the program has some of the powers of a super-user as well. 290