EXECVE(2) | System Calls Manual | EXECVE(2) |
execve
, fexecve
—
#include <unistd.h>
int
execve
(const
char *path, char *const
argv[], char *const
envp[]);
int
fexecve
(int
fd, char *const
argv[], char *const
envp[]);
execve
() system call transforms the calling process
into a new process. The new process is constructed from an ordinary file,
whose name is pointed to by path, called the
new process file. The fexecve
()
system call is equivalent to execve
() except that the
file to be executed is determined by the file descriptor
fd instead of a path. This file is
either an executable object file, or a file of data for an interpreter. An
executable object file consists of an identifying header, followed by pages of
data representing the initial program (text) and initialized data pages.
Additional pages may be specified by the header to be initialized with zero
data; see elf(5) and
a.out(5).
An interpreter file begins with a line of the form:
When an interpreter file is execve
d, the system actually execve's the
specified interpreter. If the optional
arg is specified, it becomes the first argument to the
interpreter, and the name of the originally
execve'd file becomes the second argument; otherwise, the
name of the originally execve'd file becomes the first
argument. The original arguments are shifted over to become the subsequent
arguments. The zeroth argument, normally the name of the
execve
()d file, is left unchanged. The interpreter
named by interpreter must not itself be an interpreter
file. (See script(7) for a
detailed discussion of interpreter file execution.)
The argument argv is a pointer to a null-terminated array of character pointers to null-terminated character strings. These strings construct the argument list to be made available to the new process. At least one argument must be present in the array; by custom, the first element should be the name of the executed program (for example, the last component of path).
The argument envp is also a pointer to a null-terminated array of character pointers to null-terminated strings. A pointer to this array is normally stored in the global variable environ. These strings pass information to the new process that is not directly an argument to the command (see environ(7)).
File descriptors open in the calling process image remain open in
the new process image, except for those for which the close-on-exec flag is
set (see close(2) and
fcntl(2)). Descriptors that
remain open are unaffected by execve
().
In the case of a new setuid or setgid executable being executed, if file descriptors 0, 1, or 2 (representing stdin, stdout, and stderr) are currently unallocated, these descriptors will be opened to point to some system file like /dev/null. The intent is to ensure these descriptors are not unallocated, since many libraries make assumptions about the use of these 3 file descriptors.
Signals set to be ignored in the calling process are set to be ignored in the new process. Signals which are set to be caught in the calling process image are set to default action in the new process image. Blocked signals remain blocked regardless of changes to the signal action. The signal stack is reset to be undefined (see sigaction(2) for more information).
If the set-user-ID mode bit of the new process image file is set
(see chmod(2)), the effective
user ID of the new process image is set to the owner ID of the new process
image file. If the set-group-ID mode bit of the new process image file is
set, the effective group ID of the new process image is set to the group ID
of the new process image file. (The effective group ID is the first element
of the group list.) The real user ID, real group ID and other group IDs of
the new process image remain the same as the calling process image. After
any set-user-ID and set-group-ID processing, the effective user ID is
recorded as the saved set-user-ID, and the effective group ID is recorded as
the saved set-group-ID. These values may be used in changing the effective
IDs later (see setuid(2)). The
set-ID bits are not honored if the respective file system has the
nosuid
option enabled or if the new process file is
an interpreter file. Syscall tracing is disabled if effective IDs are
changed.
The new process also inherits the following attributes from the calling process:
process ID | see getpid(2) |
parent process ID | see getppid(2) |
process group ID | see getpgrp(2) |
access groups | see getgroups(2) |
working directory | see chdir(2) |
root directory | see chroot(2) |
control terminal | see termios(4) |
resource usages | see getrusage(2) |
interval timers | see getitimer(2) |
resource limits | see getrlimit(2) |
file mode mask | see umask(2) |
signal mask | see sigaction(2), sigprocmask(2) |
When a program is executed as a result of an
execve
() system call, it is entered as follows:
main(argc, argv, envp) int argc; char **argv, **envp;
where argc is the number of elements in argv (the “arg count”) and argv points to the array of character pointers to the arguments themselves.
The fexecve
() function ignores the file
offset of fd. Since execute permission is checked by
fexecve
(), the file descriptor
fd need not have been opened with the
O_EXEC
flag. However, if the file to be executed
denies read permission for the process preparing to do the exec, the only
way to provide the fd to
fexecve
() is to use the
O_EXEC
flag when opening fd.
Note that the file to be executed can not be open for writing.
execve
() system call overlays the current process
image with a new process image the successful call has no process to return
to. If execve
() does return to the calling process an
error has occurred; the return value will be -1 and the global variable
errno is set to indicate the error.
execve
() system call will fail and return to the
calling process if:
E2BIG
]NCARGS
in
⟨sys/param.h⟩ and get be read from
the sysctl(3) MIB variable
KERN_ARGMAX
.EACCES
]MNT_NOEXEC
in
⟨sys/mount.h⟩).EAGAIN
]EFAULT
]EIO
]ELOOP
]ENAMETOOLONG
]NAME_MAX
}
characters, or an entire path name exceeded
{PATH_MAX
} characters.ENOENT
]#!
and the script interpreter does
not exist.ENOEXEC
]ENOMEM
]ENOTDIR
]ETXTBSY
]In addition, the fexecve
() will fail and
return to the calling process if:
EBADF
]execve
() system call conforms to
IEEE Std 1003.1-2001 (“POSIX.1”). with
the exception of reopening descriptors 0, 1, and/or 2 in certain
circumstances. A future update of the Standard is expected to require this
behavior, and it may become the default for non-privileged processes as well.
The support for executing interpreted programs is an extension. The
fexecve
() system call conforms to The Open Group
Extended API Set 2 specification.
execve
() function call first appeared in
Version 7 AT&T UNIX. The
fexecve
() system call appeared in
NetBSD 10.0.
September 16, 2019 | NetBSD 10.0 |