1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)execve.2 8.5 (Berkeley) 6/1/94 29.\" $FreeBSD: src/lib/libc/sys/execve.2,v 1.16.2.10 2001/12/22 01:21:30 jwd Exp $ 30.\" 31.Dd December 21, 2007 32.Dt EXECVE 2 33.Os 34.Sh NAME 35.Nm execve 36.Nd execute a file 37.Sh LIBRARY 38.Lb libc 39.Sh SYNOPSIS 40.In unistd.h 41.Ft int 42.Fn execve "const char *path" "char *const argv[]" "char *const envp[]" 43.Sh DESCRIPTION 44.Fn Execve 45transforms the calling process into a new process. 46The new process is constructed from an ordinary file, 47whose name is pointed to by 48.Fa path , 49called the 50.Em new process file . 51This file is either an executable object file, 52or a file of data for an interpreter. 53An executable object file consists of an identifying header, 54followed by pages of data representing the initial program (text) 55and initialized data pages. 56Additional pages may be specified 57by the header to be initialized with zero data; see 58.Xr elf 5 59and 60.Xr a.out 5 . 61.Pp 62An interpreter file begins with a line of the form: 63.Pp 64.Bd -ragged -offset indent -compact 65.Sy \&#! 66.Em interpreter 67.Bq Em arg 68.Ed 69.Pp 70When an interpreter file is 71.Sy execve Ap d , 72the system actually 73.Sy execve Ap s 74the specified 75.Em interpreter . 76If the optional 77.Em arg 78is specified, it becomes the first argument to the 79.Em interpreter , 80and the name of the originally 81.Sy execve Ap d 82file becomes the second argument; 83otherwise, the name of the originally 84.Sy execve Ap d 85file becomes the first argument. 86The original arguments are shifted over to become the subsequent arguments. 87The zeroth argument is set to the specified 88.Em interpreter . 89(See 90.Xr script 7 91for a detailed discussion of interpreter file execution.) 92.Pp 93The argument 94.Fa argv 95is a pointer to a null-terminated array of 96character pointers to null-terminated character strings. 97These strings construct the argument list to be made available to the new 98process. 99At least one argument must be present in 100the array; by custom, the first element should be 101the name of the executed program (for example, the last component of 102.Fa path ) . 103.Pp 104The argument 105.Fa envp 106is also a pointer to a null-terminated array of 107character pointers to null-terminated strings. 108A pointer to this array is normally stored in the global variable 109.Va environ . 110These strings pass information to the 111new process that is not directly an argument to the command (see 112.Xr environ 7 ) . 113.Pp 114File descriptors open in the calling process image remain open in 115the new process image, except for those for which the close-on-exec 116flag is set (see 117.Xr close 2 118and 119.Xr fcntl 2 ) . 120Descriptors that remain open are unaffected by 121.Fn execve . 122.Pp 123Signals set to be ignored in the calling process are set to be ignored in 124the 125new process. 126Signals which are set to be caught in the calling process image 127are set to default action in the new process image. 128Blocked signals remain blocked regardless of changes to the signal action. 129The signal stack is reset to be undefined (see 130.Xr sigaction 2 131for more information). 132.Pp 133If the set-user-ID mode bit of the new process image file is set 134(see 135.Xr chmod 2 ) , 136the effective user ID of the new process image is set to the owner ID 137of the new process image file. 138If the set-group-ID mode bit of the new process image file is set, 139the effective group ID of the new process image is set to the group ID 140of the new process image file. 141(The effective group ID is the first element of the group list.) 142The real user ID, real group ID and 143other group IDs of the new process image remain the same as the calling 144process image. 145After any set-user-ID and set-group-ID processing, 146the effective user ID is recorded as the saved set-user-ID, 147and the effective group ID is recorded as the saved set-group-ID. 148These values may be used in changing the effective IDs later (see 149.Xr setuid 2 ) . 150.Pp 151The set-ID bits are not honored if the respective file system has the 152.Ar nosuid 153option enabled or if the new process file is an interpreter file. 154Syscall tracing is disabled if effective IDs are changed. 155.Pp 156The new process also inherits the following attributes from 157the calling process: 158.Pp 159.Bl -column parent_process_ID -offset indent -compact 160.It process ID Ta see Xr getpid 2 161.It parent process ID Ta see Xr getppid 2 162.It process group ID Ta see Xr getpgrp 2 163.It access groups Ta see Xr getgroups 2 164.It working directory Ta see Xr chdir 2 165.It root directory Ta see Xr chroot 2 166.It control terminal Ta see Xr termios 4 167.It resource usages Ta see Xr getrusage 2 168.It interval timers Ta see Xr getitimer 2 169.It resource limits Ta see Xr getrlimit 2 170.It file mode mask Ta see Xr umask 2 171.It signal mask Ta see Xr sigaction 2 , 172.Xr sigprocmask 2 173.El 174.Pp 175When a program is executed as a result of an 176.Fn execve 177call, it is entered as follows: 178.Bd -literal -offset indent 179main(argc, argv, envp) 180int argc; 181char **argv, **envp; 182.Ed 183.Pp 184where 185.Fa argc 186is the number of elements in 187.Fa argv 188(the ``arg count'') 189and 190.Fa argv 191points to the array of character pointers 192to the arguments themselves. 193.Sh RETURN VALUES 194As the 195.Fn execve 196function overlays the current process image 197with a new process image the successful call 198has no process to return to. 199If 200.Fn execve 201does return to the calling process an error has occurred; the 202return value will be -1 and the global variable 203.Va errno 204is set to indicate the error. 205.Sh ERRORS 206.Fn Execve 207will fail and return to the calling process if: 208.Bl -tag -width Er 209.It Bq Er ENOTDIR 210A component of the path prefix is not a directory. 211.It Bq Er ENAMETOOLONG 212A component of a pathname exceeded 255 characters, 213or an entire path name exceeded 1023 characters. 214.It Bq Er ENAMETOOLONG 215When invoking an interpreted script, the interpreter name 216exceeds 217.Dv MAXSHELLCMDLEN 218characters. 219.It Bq Er ENOENT 220The new process file does not exist. 221.It Bq Er ELOOP 222Too many symbolic links were encountered in translating the pathname. 223.It Bq Er EACCES 224Search permission is denied for a component of the path prefix. 225.It Bq Er EACCES 226The new process file is not an ordinary file. 227.It Bq Er EACCES 228The new process file mode denies execute permission. 229.It Bq Er ENOEXEC 230The new process file has the appropriate access 231permission, but has an invalid magic number in its header. 232.It Bq Er ETXTBSY 233The new process file is a pure procedure (shared text) 234file that is currently open for writing or reading by some process. 235.It Bq Er ENOMEM 236The new process requires more virtual memory than 237is allowed by the imposed maximum 238.Pq Xr getrlimit 2 . 239.It Bq Er E2BIG 240The number of bytes in the new process' argument list 241is larger than the system-imposed limit. 242This limit is specified by the 243.Xr sysctl 3 244MIB variable 245.Dv KERN_ARGMAX . 246.It Bq Er EFAULT 247The new process file is not as long as indicated by 248the size values in its header. 249.It Bq Er EFAULT 250.Fa Path , 251.Fa argv , 252or 253.Fa envp 254point 255to an illegal address. 256.It Bq Er EIO 257An I/O error occurred while reading from the file system. 258.El 259.Sh CAVEATS 260If a program is 261.Em setuid 262to a non-super-user, but is executed when 263the real 264.Em uid 265is ``root'', then the program has some of the powers 266of a super-user as well. 267.Sh SEE ALSO 268.Xr ktrace 1 , 269.Xr _exit 2 , 270.Xr fork 2 , 271.Xr execl 3 , 272.Xr exit 3 , 273.Xr sysctl 3 , 274.Xr a.out 5 , 275.Xr elf 5 , 276.Xr environ 7 , 277.Xr script 7 , 278.Xr mount 8 279.Sh HISTORY 280The 281.Fn execve 282function call appeared in 283.Bx 4.2 . 284