NAME
execve
—
execute a file
SYNOPSIS
#include
<unistd.h>
int
execve
(const
char *path, char *const
argv[], char *const
envp[]);
DESCRIPTION
execve
()
transforms the calling process into a new process. The new process is
constructed from an ordinary file, whose name is pointed to by
path, called the
new process
file. This file is either an executable object file, or a file of
data for an interpreter. An executable object file consists of an
identifying header, followed by pages of data representing the initial
program (text) and initialized data pages. Additional pages may be specified
by the header to be initialized with zero data; see
elf(5).
An interpreter file begins with a line of the form:
When an interpreter file is passed to
execve
(),
the system instead calls execve
() with the specified
interpreter. If the optional arg
is specified, it becomes the first argument to the
interpreter, and the original
path becomes the second argument; otherwise,
path becomes the first argument. The original
arguments are shifted over to become the subsequent arguments. The zeroth
argument, normally the name of the file being executed, is left
unchanged.
The argument argv is a pointer to a null-terminated array of character pointers to NUL-terminated character strings. These strings construct the argument list to be made available to the new process. At least one non-null argument must be present in the array; by custom, the first element should be the name of the executed program (for example, the last component of path).
The argument envp is also a pointer to a null-terminated array of character pointers to NUL-terminated strings. A pointer to this array is normally stored in the global variable environ. These strings pass information to the new process that is not directly an argument to the command (see environ(7)).
File descriptors open in the calling process image
remain open in the new process image, except for those for which the
close-on-exec flag is set (see
close(2) and
fcntl(2)). Descriptors that remain open are unaffected by
execve
().
In the case of a new setuid or setgid executable being executed, if file
descriptors 0, 1, or 2 (representing stdin, stdout, and stderr) are
currently unallocated, these descriptors will be opened to point to some
system file like /dev/null. The intent is to ensure
these descriptors are not unallocated, since many libraries make assumptions
about the use of these 3 file descriptors.
Signals set to be ignored in the calling process, with the
exception of SIGCHLD
, are set to be ignored in the
new process. Other signals are set to default action in the new process
image. Blocked signals remain blocked regardless of changes to the signal
action. The signal stack is reset to be undefined (see
sigaction(2) for more information).
If the set-user-ID mode bit of the new process image file is set (see chmod(2)), the effective user ID of the new process image is set to the owner ID of the new process image file. If the set-group-ID mode bit of the new process image file is set, the effective group ID of the new process image is set to the group ID of the new process image file. (The effective group ID is the first element of the group list.) The real user ID, real group ID and other group IDs of the new process image remain the same as the calling process image. After any set-user-ID and set-group-ID processing, the effective user ID is recorded as the saved set-user-ID, and the effective group ID is recorded as the saved set-group-ID. These values may be used in changing the effective IDs later (see setuid(2)). The set-user-ID and set-group-ID bits have no effect if the new process image file is located on a file system mounted with the nosuid flag. The process will be started without the new permissions.
The new process also inherits the following attributes from the calling process:
- process ID
- see getpid(2)
- parent process ID
- see getppid(2)
- process group ID
- see getpgrp(2)
- session ID
- see getsid(2)
- access groups
- see getgroups(2)
- working directory
- see chdir(2)
- root directory
- see chroot(2)
- controlling terminal
- see termios(4)
- resource usages
- see getrusage(2)
- interval timers
- see getitimer(2) (unless process image file is setuid or setgid, in which case all timers are disabled)
- resource limits
- see getrlimit(2)
- file mode mask
- see umask(2)
- signal mask
- see sigaction(2), sigprocmask(2)
When a program is executed as a result of an
execve
()
call, it is entered as follows:
main(int argc, char **argv, char
**envp)
where argc is the number of elements in argv (the “arg count”) and argv points to the array of character pointers to the arguments themselves.
RETURN VALUES
As the execve
() function overlays the
current process image with a new process image, the successful call has no
process to return to. If execve
() does return to the
calling process, an error has occurred; the return value will be -1 and the
global variable errno is set to indicate the
error.
ERRORS
execve
() will fail and return to the
calling process if:
- [
ENOTDIR
] - A component of the path prefix is not a directory.
- [
ENAMETOOLONG
] - A component of a pathname exceeded
NAME_MAX
characters, or an entire pathname (including the terminating NUL) exceededPATH_MAX
bytes. - [
ENOENT
] - The new process file does not exist.
- [
ELOOP
] - Too many symbolic links were encountered in translating the pathname.
- [
EACCES
] - Search permission is denied for a component of the path prefix.
- [
EACCES
] - The new process file is not an ordinary file.
- [
EACCES
] - The new process file mode denies execute permission.
- [
EACCES
] - The new process file is on a filesystem mounted with execution disabled
(
MNT_NOEXEC
in<sys/mount.h>
). - [
EACCES
] - The new process file is marked with
ld(1)
-z
wxneeded
to perform W^X violating operations, but it is located on a file system not allowing such operations, being mounted without the mount(8)-o
wxallowed
flag. - [
EACCES
] - The parent used pledge(2) to declare an execpromise, and that is not permitted for setuid or setgid images.
- [
ENOEXEC
] - The new process file has the appropriate access permission, but has an invalid magic number in its header.
- [
ETXTBSY
] - The new process file is a pure procedure (shared text) file that is currently open for writing by some process.
- [
ENOMEM
] - The new process requires more virtual memory than is allowed by the imposed maximum (getrlimit(2)).
- [
E2BIG
] - The number of bytes in the new process's argument list is larger than the
system-imposed limit. The limit in the system as released is 524288 bytes
(
ARG_MAX
). - [
EFAULT
] - The new process file is not as long as indicated by the size values in its header.
- [
EFAULT
] - path, argv, or envp point to an illegal address.
- [
EINVAL
] - argv did not contain at least one element.
- [
EIO
] - An I/O error occurred while reading from the file system.
- [
ENFILE
] - During startup of an interpreter, the system file table was found to be full.
SEE ALSO
STANDARDS
The execve
() function is expected to
conform to IEEE Std 1003.1-2008
(“POSIX.1”).
HISTORY
The predecessor of these functions, the former
exec
() system call, first appeared in
Version 1 AT&T UNIX. The
execve
() function first appeared in
Version 7 AT&T UNIX.
CAVEATS
If a program is setuid to a non-superuser, but is executed when the real uid is “root”, then the process has some of the powers of a superuser as well.
IEEE Std 1003.1-2008
(“POSIX.1”) permits execve
to
leave SIGCHLD
as ignored in the new process;
portable programs cannot rely on execve
resetting it
to the default disposition.