1.\" $OpenBSD: execve.2,v 1.36 2011/09/03 22:59:07 jmc Exp $ 2.\" $NetBSD: execve.2,v 1.9 1995/02/27 12:32:25 cgd Exp $ 3.\" 4.\" Copyright (c) 1980, 1991, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)execve.2 8.3 (Berkeley) 1/24/94 32.\" 33.Dd $Mdocdate: September 3 2011 $ 34.Dt EXECVE 2 35.Os 36.Sh NAME 37.Nm execve , 38.Nm exect 39.Nd execute a file 40.Sh SYNOPSIS 41.Fd #include <unistd.h> 42.Ft int 43.Fn execve "const char *path" "char *const argv[]" "char *const envp[]" 44.Ft int 45.Fn exect "const char *path" "char *const argv[]" "char *const envp[]" 46.Sh DESCRIPTION 47.Fn execve 48transforms the calling process into a new process. 49The new process is constructed from an ordinary file, 50whose name is pointed to by 51.Fa path , 52called the 53.Em new process file . 54This file is either an executable object file, 55or a file of data for an interpreter. 56An executable object file consists of an identifying header, 57followed by pages of data representing the initial program (text) 58and initialized data pages. 59Additional pages may be specified by the header to be initialized 60with zero data; see 61.Xr a.out 5 62and 63.Xr elf 5 . 64.Pp 65An interpreter file begins with a line of the form: 66.Bd -filled -offset indent 67.Sy #!\& 68.Em interpreter 69.Bq Em arg 70.Ed 71.Pp 72When an interpreter file is passed to 73.Fn execve 74the system instead calls 75.Fn execve 76with the specified 77.Em interpreter . 78If the optional 79.Em arg 80is specified, it becomes the first argument to the 81.Em interpreter , 82and the original 83.Ar path 84becomes the second argument; 85otherwise, 86.Ar path 87becomes the first argument. 88The original arguments are shifted over to become the subsequent arguments. 89The zeroth argument, normally the name of the file being executed, is left 90unchanged. 91.Pp 92The argument 93.Fa argv 94is a pointer to a null-terminated array of 95character pointers to NUL-terminated character strings. 96These strings construct the argument list to be made available to the new 97process. 98At least one argument must be present in the array; 99by custom, the first element should be 100the name of the executed program (for example, the last component of 101.Fa path ) . 102.Pp 103The argument 104.Fa envp 105is also a pointer to a null-terminated array of 106character pointers to NUL-terminated strings. 107A pointer to this array is normally stored in the global variable 108.Va environ . 109These strings pass information to the 110new process that is not directly an argument to the command (see 111.Xr environ 7 ) . 112.Pp 113File descriptors open in the calling process image remain open in 114the new process image, except for those for which the close-on-exec 115flag is set (see 116.Xr close 2 117and 118.Xr fcntl 2 ) . 119Descriptors that remain open are unaffected by 120.Fn execve . 121In the case of a new setuid or setgid executable being executed, if 122file descriptors 0, 1, or 2 (representing stdin, stdout, and stderr) 123are currently unallocated, these descriptors will be opened to point to 124some system file like 125.Pa /dev/null . 126The intent is to ensure these descriptors are not unallocated, since 127many libraries make assumptions about the use of these 3 file descriptors. 128.Pp 129Signals set to be ignored in the calling process are set to be ignored in 130the 131new process. 132Signals which are set to be caught in the calling process image 133are set to default action in the new process image. 134Blocked signals remain blocked regardless of changes to the signal action. 135The signal stack is reset to be undefined (see 136.Xr sigaction 2 137for more information). 138.Pp 139If the set-user-ID mode bit of the new process image file is set 140(see 141.Xr chmod 2 ) , 142the effective user ID of the new process image is set to the owner ID 143of the new process image file. 144If the set-group-ID mode bit of the new process image file is set, 145the effective group ID of the new process image is set to the group ID 146of the new process image file. 147(The effective group ID is the first element of the group list.) 148The real user ID, real group ID and 149other group IDs of the new process image remain the same as the calling 150process image. 151After any set-user-ID and set-group-ID processing, 152the effective user ID is recorded as the saved set-user-ID, 153and the effective group ID is recorded as the saved set-group-ID. 154These values may be used in changing the effective IDs later (see 155.Xr setuid 2 ) . 156The set-user-ID and set-group-ID bits have no effect if the 157new process image file is located on a file system mounted with 158the nosuid flag. 159The process will be started without the new permissions. 160.Pp 161The new process also inherits the following attributes from 162the calling process: 163.Pp 164.Bl -tag -width parent_process_ID -offset indent -compact 165.It process ID 166see 167.Xr getpid 2 168.It parent process ID 169see 170.Xr getppid 2 171.It process group ID 172see 173.Xr getpgrp 2 174.It session ID 175see 176.Xr getsid 2 177.It access groups 178see 179.Xr getgroups 2 180.It working directory 181see 182.Xr chdir 2 183.It root directory 184see 185.Xr chroot 2 186.It control terminal 187see 188.Xr termios 4 189.It resource usages 190see 191.Xr getrusage 2 192.It interval timers 193see 194.Xr getitimer 2 195(unless process image file is setuid or setgid, 196in which case all timers are disabled) 197.It resource limits 198see 199.Xr getrlimit 2 200.It file mode mask 201see 202.Xr umask 2 203.It signal mask 204see 205.Xr sigaction 2 , 206.Xr sigsetmask 3 207.El 208.Pp 209When a program is executed as a result of an 210.Fn execve 211call, it is entered as follows: 212.Bd -literal -offset indent 213main(int argc, char **argv, char **envp) 214.Ed 215.Pp 216where 217.Fa argc 218is the number of elements in 219.Fa argv 220(the 221.Dq arg count ) 222and 223.Fa argv 224points to the array of character pointers 225to the arguments themselves. 226.Pp 227The 228.Fn exect 229function is equivalent to 230.Fn execve 231with the additional property that it executes the file with the program 232tracing facilities enabled (see 233.Xr ptrace 2 ) . 234.Sh RETURN VALUES 235As the 236.Fn execve 237function overlays the current process image 238with a new process image the successful call 239has no process to return to. 240If 241.Fn execve 242does return to the calling process an error has occurred; the 243return value will be \-1 and the global variable 244.Va errno 245is set to indicate the error. 246.Sh ERRORS 247.Fn execve 248will fail and return to the calling process if: 249.Bl -tag -width Er 250.It Bq Er ENOTDIR 251A component of the path prefix is not a directory. 252.It Bq Er ENAMETOOLONG 253A component of a pathname exceeded 254.Dv {NAME_MAX} 255characters, or an entire path name exceeded 256.Dv {PATH_MAX} 257characters. 258.It Bq Er ENOENT 259The new process file does not exist. 260.It Bq Er ELOOP 261Too many symbolic links were encountered in translating the pathname. 262.It Bq Er EACCES 263Search permission is denied for a component of the path prefix. 264.It Bq Er EACCES 265The new process file is not an ordinary file. 266.It Bq Er EACCES 267The new process file mode denies execute permission. 268.It Bq Er EACCES 269The new process file is on a filesystem mounted with execution 270disabled 271.Pf ( Dv MNT_NOEXEC 272in 273.Ao Pa sys/mount.h Ac ) . 274.It Bq Er ENOEXEC 275The new process file has the appropriate access 276permission, but has an invalid magic number in its header. 277.It Bq Er ETXTBSY 278The new process file is a pure procedure (shared text) 279file that is currently open for writing or reading by some process. 280.It Bq Er ENOMEM 281The new process requires more virtual memory than 282is allowed by the imposed maximum 283.Pq Xr getrlimit 2 . 284.It Bq Er E2BIG 285The number of bytes in the new process's argument list 286is larger than the system-imposed limit. 287The limit in the system as released is 262144 bytes 288.Pf ( Dv NCARGS 289in 290.Ao Pa sys/param.h Ac ) . 291.It Bq Er EFAULT 292The new process file is not as long as indicated by 293the size values in its header. 294.It Bq Er EFAULT 295.Fa path , 296.Fa argv , 297or 298.Fa envp 299point 300to an illegal address. 301.It Bq Er EIO 302An I/O error occurred while reading from the file system. 303.It Bq Er ENFILE 304During startup of an 305.Em interpreter , 306the system file table was found to be full. 307.El 308.Sh SEE ALSO 309.Xr _exit 2 , 310.Xr fork 2 , 311.Xr execl 3 , 312.Xr exit 3 , 313.Xr a.out 5 , 314.Xr elf 5 , 315.Xr environ 7 316.Sh STANDARDS 317The 318.Fn exect 319function should not be used in portable applications. 320.Sh HISTORY 321The 322.Fn execve 323function call first appeared in 324.At v7 325and 326.Bx 3 . 327.Sh CAVEATS 328If a program is 329.Em setuid 330to a non-superuser, but is executed when the real 331.Em uid 332is 333.Dq root , 334then the program has some of the powers of a superuser as well. 335