1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)execve.2 8.5 (Berkeley) 6/1/94 33.\" $FreeBSD$ 34.\" 35.Dd June 1, 1994 36.Dt EXECVE 2 37.Os 38.Sh NAME 39.Nm execve 40.Nd execute a file 41.Sh LIBRARY 42.Lb libc 43.Sh SYNOPSIS 44.In unistd.h 45.Ft int 46.Fn execve "const char *path" "char *const argv[]" "char *const envp[]" 47.Sh DESCRIPTION 48The 49.Fn execve 50system call 51transforms the calling process into a new process. 52The new process is constructed from an ordinary file, 53whose name is pointed to by 54.Fa path , 55called the 56.Em new process file . 57This file is either an executable object file, 58or a file of data for an interpreter. 59An executable object file consists of an identifying header, 60followed by pages of data representing the initial program (text) 61and initialized data pages. 62Additional pages may be specified 63by the header to be initialized with zero data; see 64.Xr elf 5 65and 66.Xr a.out 5 . 67.Pp 68An interpreter file begins with a line of the form: 69.Pp 70.Bd -ragged -offset indent -compact 71.Sy \&#! 72.Em interpreter 73.Bq Em arg 74.Ed 75.Pp 76When an interpreter file is 77.Sy execve Ap d , 78the system actually 79.Sy execve Ap s 80the specified 81.Em interpreter . 82If the optional 83.Em arg 84is specified, it becomes the first argument to the 85.Em interpreter , 86and the name of the originally 87.Sy execve Ap d 88file becomes the second argument; 89otherwise, the name of the originally 90.Sy execve Ap d 91file becomes the first argument. 92The original arguments are shifted over to 93become the subsequent arguments. 94The zeroth argument is set to the specified 95.Em interpreter . 96.Pp 97The argument 98.Fa argv 99is a pointer to a null-terminated array of 100character pointers to null-terminated character strings. 101These strings construct the argument list to be made available to the new 102process. 103At least one argument must be present in 104the array; by custom, the first element should be 105the name of the executed program (for example, the last component of 106.Fa path ) . 107.Pp 108The argument 109.Fa envp 110is also a pointer to a null-terminated array of 111character pointers to null-terminated strings. 112A pointer to this array is normally stored in the global variable 113.Va environ . 114These strings pass information to the 115new process that is not directly an argument to the command (see 116.Xr environ 7 ) . 117.Pp 118File descriptors open in the calling process image remain open in 119the new process image, except for those for which the close-on-exec 120flag is set (see 121.Xr close 2 122and 123.Xr fcntl 2 ) . 124Descriptors that remain open are unaffected by 125.Fn execve . 126If any of the standard descriptors (0, 1, and/or 2) are closed at the 127time 128.Fn execve 129is called, and the process will gain privilege as a result of set-id 130semantics, those descriptors will be re-opened automatically. 131No programs, whether privileged or not, should assume that these descriptors 132will remain closed across a call to 133.Fn execve . 134.Pp 135Signals set to be ignored in the calling process are set to be ignored in 136the 137new process. 138Signals which are set to be caught in the calling process image 139are set to default action in the new process image. 140Blocked signals remain blocked regardless of changes to the signal action. 141The signal stack is reset to be undefined (see 142.Xr sigaction 2 143for more information). 144.Pp 145If the set-user-ID mode bit of the new process image file is set 146(see 147.Xr chmod 2 ) , 148the effective user ID of the new process image is set to the owner ID 149of the new process image file. 150If the set-group-ID mode bit of the new process image file is set, 151the effective group ID of the new process image is set to the group ID 152of the new process image file. 153(The effective group ID is the first element of the group list.) 154The real user ID, real group ID and 155other group IDs of the new process image remain the same as the calling 156process image. 157After any set-user-ID and set-group-ID processing, 158the effective user ID is recorded as the saved set-user-ID, 159and the effective group ID is recorded as the saved set-group-ID. 160These values may be used in changing the effective IDs later (see 161.Xr setuid 2 ) . 162.Pp 163The set-ID bits are not honored if the respective file system has the 164.Cm nosuid 165option enabled or if the new process file is an interpreter file. 166Syscall 167tracing is disabled if effective IDs are changed. 168.Pp 169The new process also inherits the following attributes from 170the calling process: 171.Pp 172.Bl -column parent_process_ID -offset indent -compact 173.It process ID Ta see Xr getpid 2 174.It parent process ID Ta see Xr getppid 2 175.It process group ID Ta see Xr getpgrp 2 176.It access groups Ta see Xr getgroups 2 177.It working directory Ta see Xr chdir 2 178.It root directory Ta see Xr chroot 2 179.It control terminal Ta see Xr termios 4 180.It resource usages Ta see Xr getrusage 2 181.It interval timers Ta see Xr getitimer 2 182.It resource limits Ta see Xr getrlimit 2 183.It file mode mask Ta see Xr umask 2 184.It signal mask Ta see Xr sigvec 2 , 185.Xr sigsetmask 2 186.El 187.Pp 188When a program is executed as a result of an 189.Fn execve 190system call, it is entered as follows: 191.Bd -literal -offset indent 192main(argc, argv, envp) 193int argc; 194char **argv, **envp; 195.Ed 196.Pp 197where 198.Fa argc 199is the number of elements in 200.Fa argv 201(the ``arg count'') 202and 203.Fa argv 204points to the array of character pointers 205to the arguments themselves. 206.Sh RETURN VALUES 207As the 208.Fn execve 209system call overlays the current process image 210with a new process image the successful call 211has no process to return to. 212If 213.Fn execve 214does return to the calling process an error has occurred; the 215return value will be -1 and the global variable 216.Va errno 217is set to indicate the error. 218.Sh ERRORS 219The 220.Fn execve 221system call 222will fail and return to the calling process if: 223.Bl -tag -width Er 224.It Bq Er ENOTDIR 225A component of the path prefix is not a directory. 226.It Bq Er ENAMETOOLONG 227A component of a pathname exceeded 255 characters, 228or an entire path name exceeded 1023 characters. 229.It Bq Er ENAMETOOLONG 230When invoking an interpreted script, the interpreter name 231exceeds 232.Dv MAXSHELLCMDLEN 233characters. 234.It Bq Er ENOENT 235The new process file does not exist. 236.It Bq Er ELOOP 237Too many symbolic links were encountered in translating the pathname. 238.It Bq Er EACCES 239Search permission is denied for a component of the path prefix. 240.It Bq Er EACCES 241The new process file is not an ordinary file. 242.It Bq Er EACCES 243The new process file mode denies execute permission. 244.It Bq Er ENOEXEC 245The new process file has the appropriate access 246permission, but has an invalid magic number in its header. 247.It Bq Er ETXTBSY 248The new process file is a pure procedure (shared text) 249file that is currently open for writing or reading by some process. 250.It Bq Er ENOMEM 251The new process requires more virtual memory than 252is allowed by the imposed maximum 253.Pq Xr getrlimit 2 . 254.It Bq Er E2BIG 255The number of bytes in the new process' argument list 256is larger than the system-imposed limit. 257This limit is specified by the 258.Xr sysctl 3 259MIB variable 260.Dv KERN_ARGMAX . 261.It Bq Er EFAULT 262The new process file is not as long as indicated by 263the size values in its header. 264.It Bq Er EFAULT 265The 266.Fa path , 267.Fa argv , 268or 269.Fa envp 270arguments 271point 272to an illegal address. 273.It Bq Er EIO 274An I/O error occurred while reading from the file system. 275.El 276.Sh CAVEAT 277If a program is 278.Em setuid 279to a non-super-user, but is executed when 280the real 281.Em uid 282is ``root'', then the program has some of the powers 283of a super-user as well. 284.Sh SEE ALSO 285.Xr ktrace 1 , 286.Xr _exit 2 , 287.Xr fork 2 , 288.Xr execl 3 , 289.Xr exit 3 , 290.Xr sysctl 3 , 291.Xr a.out 5 , 292.Xr elf 5 , 293.Xr environ 7 , 294.Xr mount 8 295.Sh STANDARDS 296The 297.Fn execve 298system call conforms to 299.St -p1003.1-2001 , 300with the exception of reopening descriptors 0, 1, and/or 2 in certain 301circumstances. 302A future update of the Standard is expected to require this behavior, 303and it may become the default for non-privileged processes as well. 304.\" NB: update this caveat when TC1 is blessed. 305The support for executing interpreted programs is an extension. 306.Sh HISTORY 307The 308.Fn execve 309system call appeared in 310.Bx 4.2 . 311