1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)execve.2 8.5 (Berkeley) 6/1/94 29.\" $FreeBSD: src/lib/libc/sys/execve.2,v 1.16.2.10 2001/12/22 01:21:30 jwd Exp $ 30.\" 31.Dd February 17, 2021 32.Dt EXECVE 2 33.Os 34.Sh NAME 35.Nm execve , 36.Nm fexecve 37.Nd execute a file 38.Sh LIBRARY 39.Lb libc 40.Sh SYNOPSIS 41.In unistd.h 42.Ft int 43.Fn execve "const char *path" "char *const argv[]" "char *const envp[]" 44.Ft int 45.Fn fexecve "int fd" "char *const argv[]" "char *const envp[]" 46.Sh DESCRIPTION 47.Fn Execve 48transforms the calling process into a new process. 49The new process is constructed from an ordinary file, 50whose name is pointed to by 51.Fa path , 52called the 53.Em new process file . 54The 55.Fn fexecve 56system call is equivalent to 57.Fn execve 58except that the file to be executed is determined by the file descriptor 59.Fa fd 60instead of a 61.Fa path . 62This 63.Em new process file 64is either an executable object file, 65or a file of data for an interpreter. 66An executable object file consists of an identifying header, 67followed by pages of data representing the initial program (text) 68and initialized data pages. 69Additional pages may be specified 70by the header to be initialized with zero data; see 71.Xr elf 5 72and 73.Xr a.out 5 . 74.Pp 75An interpreter file begins with a line of the form: 76.Pp 77.Bd -ragged -offset indent -compact 78.Sy \&#! 79.Em interpreter 80.Bq Em arg 81.Ed 82.Pp 83When an interpreter file is 84.Sy execve Ap d , 85the system actually 86.Sy execve Ap s 87the specified 88.Em interpreter . 89If the optional 90.Em arg 91is specified, it becomes the first argument to the 92.Em interpreter , 93and the name of the originally 94.Sy execve Ap d 95file becomes the second argument; 96otherwise, the name of the originally 97.Sy execve Ap d 98file becomes the first argument. 99The original arguments are shifted over to become the subsequent arguments. 100The zeroth argument is set to the specified 101.Em interpreter . 102(See 103.Xr script 7 104for a detailed discussion of interpreter file execution.) 105.Pp 106The argument 107.Fa argv 108is a pointer to a null-terminated array of 109character pointers to null-terminated character strings. 110These strings construct the argument list to be made available to the new 111process. 112At least one argument must be present in 113the array; by custom, the first element should be 114the name of the executed program (for example, the last component of 115.Fa path ) . 116.Pp 117The argument 118.Fa envp 119is also a pointer to a null-terminated array of 120character pointers to null-terminated strings. 121A pointer to this array is normally stored in the global variable 122.Va environ . 123These strings pass information to the 124new process that is not directly an argument to the command (see 125.Xr environ 7 ) . 126.Pp 127File descriptors open in the calling process image remain open in 128the new process image, except for those for which the close-on-exec 129flag is set (see 130.Xr close 2 131and 132.Xr fcntl 2 ) . 133Descriptors that remain open are unaffected by 134.Fn execve . 135If any of the standard descriptors (0, 1, and/or 2) are closed at the time 136.Fn execve 137is called, and the process will gain privilege as a result of set-id 138semantics, those descriptors will be reopened automatically. 139No programs, whether privileged or not, should assume that these descriptors 140will remain closed across a call to 141.Fn execve . 142.Pp 143Signals set to be ignored in the calling process are set to be ignored in 144the 145new process. 146Signals which are set to be caught in the calling process image 147are set to default action in the new process image. 148Blocked signals remain blocked regardless of changes to the signal action. 149The signal stack is reset to be undefined (see 150.Xr sigaction 2 151for more information). 152.Pp 153If the set-user-ID mode bit of the new process image file is set 154(see 155.Xr chmod 2 ) , 156the effective user ID of the new process image is set to the owner ID 157of the new process image file. 158If the set-group-ID mode bit of the new process image file is set, 159the effective group ID of the new process image is set to the group ID 160of the new process image file. 161(The effective group ID is the first element of the group list.) 162The real user ID, real group ID and 163other group IDs of the new process image remain the same as the calling 164process image. 165After any set-user-ID and set-group-ID processing, 166the effective user ID is recorded as the saved set-user-ID, 167and the effective group ID is recorded as the saved set-group-ID. 168These values may be used in changing the effective IDs later (see 169.Xr setuid 2 ) . 170.Pp 171The set-ID bits are not honored if the respective file system has the 172.Ar nosuid 173option enabled or if the new process file is an interpreter file. 174Syscall tracing is disabled if effective IDs are changed. 175.Pp 176The new process also inherits the following attributes from 177the calling process: 178.Pp 179.Bl -column parent_process_ID -offset indent -compact 180.It process ID Ta see Xr getpid 2 181.It parent process ID Ta see Xr getppid 2 182.It process group ID Ta see Xr getpgrp 2 183.It access groups Ta see Xr getgroups 2 184.It working directory Ta see Xr chdir 2 185.It root directory Ta see Xr chroot 2 186.It control terminal Ta see Xr termios 4 187.It resource usages Ta see Xr getrusage 2 188.It interval timers Ta see Xr getitimer 2 189.It resource limits Ta see Xr getrlimit 2 190.It file mode mask Ta see Xr umask 2 191.It signal mask Ta see Xr sigaction 2 , 192.Xr sigprocmask 2 193.El 194.Pp 195When a program is executed as a result of an 196.Fn execve 197call, it is entered as follows: 198.Bd -literal -offset indent 199.Fn main "int argc" "char **argv" "char **envp" ; 200.Ed 201.Pp 202where 203.Fa argc 204is the number of elements in 205.Fa argv 206(the 207.Dq argument count ) 208and 209.Fa argv 210points to the array of character pointers 211to the arguments themselves. 212.Pp 213The 214.Fn fexecve 215function ignores the file offset of 216.Fa fd . 217Since the execute permission is checked by 218.Fn fexecve , 219the file descriptor 220.Fa fd 221need not have been opened with the 222.Dv O_EXEC 223flag. 224However, if the file to be executed denies read permission for the process 225preparing to do the exec, the only way to provide the 226.Fa fd 227to 228.Fn fexecve 229is to use the 230.Dv O_EXEC 231flag when opening 232.Fa fd . 233Note that the file to be executed can not be open for writing. 234.Sh RETURN VALUES 235As 236.Fn execve 237overlays the current process image 238with a new process image the successful call 239has no process to return to. 240If 241.Fn execve 242does return to the calling process an error has occurred; the 243return value will be -1 and the global variable 244.Va errno 245is set to indicate the error. 246.Pp 247.Fn Fexecve 248has the same return values as 249.Fn execve . 250.Sh ERRORS 251.Fn Execve 252will fail and return to the calling process if: 253.Bl -tag -width Er 254.It Bq Er ENOTDIR 255A component of the path prefix is not a directory. 256.It Bq Er ENAMETOOLONG 257A component of a pathname exceeded 255 characters, 258or an entire path name exceeded 1023 characters. 259.It Bq Er ENAMETOOLONG 260When invoking an interpreted script, the interpreter name 261exceeds 262.Dv MAXSHELLCMDLEN 263characters. 264.It Bq Er ENOENT 265The new process file does not exist. 266.It Bq Er ELOOP 267Too many symbolic links were encountered in translating the pathname. 268.It Bq Er EACCES 269Search permission is denied for a component of the path prefix. 270.It Bq Er EACCES 271The new process file is not an ordinary file. 272.It Bq Er EACCES 273The new process file mode denies execute permission. 274.It Bq Er ENOEXEC 275The new process file has the appropriate access 276permission, but has an invalid magic number in its header. 277.It Bq Er ETXTBSY 278The new process file is a pure procedure (shared text) 279file that is currently open for writing or reading by some process. 280.It Bq Er ENOMEM 281The new process requires more virtual memory than 282is allowed by the imposed maximum 283.Pq Xr getrlimit 2 . 284.It Bq Er E2BIG 285The number of bytes in the new process' argument list 286is larger than the system-imposed limit. 287This limit is specified by the 288.Xr sysctl 3 289MIB variable 290.Dv KERN_ARGMAX . 291.It Bq Er EFAULT 292The new process file is not as long as indicated by 293the size values in its header. 294.It Bq Er EFAULT 295.Fa Path , 296.Fa argv , 297or 298.Fa envp 299point 300to an illegal address. 301.It Bq Er EIO 302An I/O error occurred while reading from the file system. 303.El 304.Pp 305In addition, the 306.Fn fexecve 307system call will fail and return to the calling process if: 308.Bl -tag -width Er 309.It Bq Er EBADF 310The 311.Fa fd 312argument is not a valid file descriptor open for executing. 313.El 314.Sh CAVEATS 315If a program is 316.Em setuid 317to a non-super-user, but is executed when 318the real 319.Em uid 320is 321.Dq root , 322then the program has some of the powers 323of a super-user as well. 324.Pp 325If the 326.Fa fd 327refers to to an interpreter file and the 328.Dv O_CLOEXEC 329flag has been set, 330.Fn fexecve 331fails with the 332.Er ENOENT 333error; because the 334.Fa fd 335has already been closed by the time the interpreter is executed. 336.Sh SEE ALSO 337.Xr ktrace 1 , 338.Xr _exit 2 , 339.Xr fork 2 , 340.Xr execl 3 , 341.Xr exit 3 , 342.Xr sysctl 3 , 343.Xr a.out 5 , 344.Xr elf 5 , 345.Xr environ 7 , 346.Xr script 7 , 347.Xr mount 8 348.Sh STANDARDS 349The 350.Fn execve 351system call conforms to 352.St -p1003.1-2004 . 353The 354.Fn fexecve 355system call conforms to 356.St -p1003.1-2008 . 357.Pp 358The support for executing interpreted programs is an extension. 359.Sh HISTORY 360The 361.Fn execve 362system call appeared in 363.At v7 . 364The 365.Fn fexecve 366system call first appeared in 367.Dx 5.9 . 368