1.\" $NetBSD: execve.2,v 1.40 2010/05/31 12:16:20 njoly Exp $ 2.\" 3.\" Copyright (c) 1980, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)execve.2 8.5 (Berkeley) 6/1/94 31.\" 32.Dd February 24, 2008 33.Dt EXECVE 2 34.Os 35.Sh NAME 36.Nm execve 37.Nd execute a file 38.Sh LIBRARY 39.Lb libc 40.Sh SYNOPSIS 41.In unistd.h 42.Ft int 43.Fn execve "const char *path" "char *const argv[]" "char *const envp[]" 44.Sh DESCRIPTION 45.Fn execve 46transforms the calling process into a new process. 47The new process is constructed from an ordinary file, 48whose name is pointed to by 49.Fa path , 50called the 51.Em new process file . 52This file is either an executable object file, 53or a file of data for an interpreter. 54An executable object file consists of an identifying header, 55followed by pages of data representing the initial program (text) 56and initialized data pages. 57Additional pages may be specified 58by the header to be initialized with zero data; see 59.Xr a.out 5 . 60.Pp 61An interpreter file begins with a line of the form: 62.Pp 63.Bd -filled -offset indent -compact 64.Sy \&#! 65.Em interpreter 66.Bq Em arg 67.Ed 68.Pp 69When an interpreter file is 70.Fn execve Ns d 71the system runs the specified 72.Em interpreter . 73If the optional 74.Em arg 75is specified, it becomes the first argument to the 76.Em interpreter , 77and the name of the originally 78.Fn execve Ns d 79file becomes the second argument; 80otherwise, the name of the originally 81.Fn execve Ns d 82file becomes the first argument. 83The original arguments are shifted over to become the subsequent arguments. 84The zeroth argument, normally the name of the 85.Fn execve Ns d 86file, is left unchanged. 87The interpreter named by 88.Em interpreter 89must not itself be an interpreter file. 90(See 91.Xr script 7 92for a detailed discussion of interpreter file execution.) 93.Pp 94The argument 95.Fa argv 96is a pointer to a null-terminated array of 97character pointers to null-terminated character strings. 98These strings construct the argument list to be made available to the new 99process. 100By custom, the first element should be 101the name of the executed program (for example, the last component of 102.Fa path ) . 103.Pp 104The argument 105.Fa envp 106is also a pointer to a null-terminated array of 107character pointers to null-terminated strings. 108A pointer to this array is normally stored in the global variable 109.Va environ . 110These strings pass information to the 111new process that is not directly an argument to the command (see 112.Xr environ 7 ) . 113.Pp 114File descriptors open in the calling process image remain open in 115the new process image, except for those for which the close-on-exec 116flag is set (see 117.Xr close 2 118and 119.Xr fcntl 2 ) . 120Descriptors that remain open are unaffected by 121.Fn execve . 122.Pp 123In the case of a new setuid or setgid executable being executed, if 124file descriptors 0, 1, or 2 (representing stdin, stdout, and stderr) 125are currently unallocated, these descriptors will be opened to point to 126some system file like 127.Pa /dev/null . 128The intent is to ensure these descriptors are not unallocated, since 129many libraries make assumptions about the use of these 3 file descriptors. 130.Pp 131Signals set to be ignored in the calling process are set to be ignored in 132the new process. 133Signals which are set to be caught in the calling process image 134are set to default action in the new process image. 135Blocked signals remain blocked regardless of changes to the signal action. 136The signal stack is reset to be undefined (see 137.Xr sigaction 2 138for more information). 139.Pp 140If the set-user-ID mode bit of the new process image file is set 141(see 142.Xr chmod 2 ) , 143the effective user ID of the new process image is set to the owner ID 144of the new process image file. 145If the set-group-ID mode bit of the new process image file is set, 146the effective group ID of the new process image is set to the group ID 147of the new process image file. 148(The effective group ID is the first element of the group list.) 149The real user ID, real group ID and 150other group IDs of the new process image remain the same as the calling 151process image. 152After any set-user-ID and set-group-ID processing, 153the effective user ID is recorded as the saved set-user-ID, 154and the effective group ID is recorded as the saved set-group-ID. 155These values may be used in changing the effective IDs later (see 156.Xr setuid 2 ) . 157.Pp 158The new process also inherits the following attributes from 159the calling process: 160.Pp 161.Bl -column parent_process_ID -offset indent -compact 162.It process ID Ta see Xr getpid 2 163.It parent process ID Ta see Xr getppid 2 164.It process group ID Ta see Xr getpgrp 2 165.It access groups Ta see Xr getgroups 2 166.It working directory Ta see Xr chdir 2 167.It root directory Ta see Xr chroot 2 168.It control terminal Ta see Xr termios 4 169.It resource usages Ta see Xr getrusage 2 170.It interval timers Ta see Xr getitimer 2 171.It resource limits Ta see Xr getrlimit 2 172.It file mode mask Ta see Xr umask 2 173.It signal mask Ta see Xr sigaction 2 , 174.Xr sigprocmask 2 175.El 176.Pp 177When a program is executed as a result of an 178.Fn execve 179call, it is entered as follows: 180.Bd -literal -offset indent 181main(argc, argv, envp) 182int argc; 183char **argv, **envp; 184.Ed 185.Pp 186where 187.Fa argc 188is the number of elements in 189.Fa argv 190(the 191.Dq arg count ) 192and 193.Fa argv 194points to the array of character pointers 195to the arguments themselves. 196.Sh RETURN VALUES 197As the 198.Fn execve 199function overlays the current process image 200with a new process image the successful call 201has no process to return to. 202If 203.Fn execve 204does return to the calling process an error has occurred; the 205return value will be \-1 and the global variable 206.Va errno 207is set to indicate the error. 208.Sh ERRORS 209.Fn execve 210will fail and return to the calling process if: 211.Bl -tag -width Er 212.It Bq Er E2BIG 213The number of bytes in the new process's argument list 214is larger than the system-imposed limit. 215The limit in the system as released is 262144 bytes 216.Dv ( NCARGS 217in 218.Ao Pa sys/param.h Ac ) . 219.It Bq Er EACCES 220Search permission is denied for a component of the path prefix, 221the new process file is not an ordinary file, 222its file mode denies execute permission, or 223it is on a filesystem mounted with execution 224disabled 225.Dv ( MNT_NOEXEC 226in 227.Ao Pa sys/mount.h Ac ) . 228.It Bq Er EAGAIN 229A 230.Xr setuid 7 231process has exceeded the current resource limit for the number of 232processes it is allowed to run concurrently. 233.It Bq Er EFAULT 234The new process file is not as long as indicated by 235the size values in its header; or 236.Fa path , 237.Fa argv , 238or 239.Fa envp 240point to an illegal address. 241.It Bq Er EIO 242An I/O error occurred while reading from the file system. 243.It Bq Er ELOOP 244Too many symbolic links were encountered in translating the pathname. 245.It Bq Er ENAMETOOLONG 246A component of a pathname exceeded 247.Brq Dv NAME_MAX 248characters, or an entire path name exceeded 249.Brq Dv PATH_MAX 250characters. 251.It Bq Er ENOENT 252The new process file does not exist, or 253the new process file is a script starting with 254.Li #! 255and the script interpreter does not exist. 256.It Bq Er ENOEXEC 257The new process file has the appropriate access 258permission, but has an invalid magic number in its header. 259.It Bq Er ENOMEM 260The new process requires more virtual memory than 261is allowed by the imposed maximum 262.Pq Xr getrlimit 2 . 263.It Bq Er ENOTDIR 264A component of the path prefix is not a directory. 265.It Bq Er ETXTBSY 266The new process file is a pure procedure (shared text) 267file that is currently open for writing or reading by some process. 268.El 269.Sh SEE ALSO 270.Xr _exit 2 , 271.Xr fork 2 , 272.Xr execl 3 , 273.Xr environ 7 , 274.Xr script 7 275.Sh STANDARDS 276The 277.Fn execve 278function conforms to 279.St -p1003.1-90 . 280.Sh HISTORY 281The 282.Fn execve 283function call first appeared in 284.At v7 . 285.Sh BUGS 286If a program is 287.Em setuid 288to a non-super-user, but is executed when 289the real 290.Em uid 291is 292.Dq root , 293then the program has some of the powers of a super-user as well. 294