mirror of https://github.com/mkerrisk/man-pages
342 lines
10 KiB
Groff
342 lines
10 KiB
Groff
.\" Hey Emacs! This file is -*- nroff -*- source.
|
|
.\"
|
|
.\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
|
|
.\" and Copyright (c) 2006 Michael Kerrisk <mtk-manpages@gmx.net>
|
|
.\"
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
.\" preserved on all copies.
|
|
.\"
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
.\" permission notice identical to this one.
|
|
.\"
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
.\" have taken the same level of care in the production of this manual,
|
|
.\" which is licensed free of charge, as they might when working
|
|
.\" professionally.
|
|
.\"
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
.\"
|
|
.\" Modified by Michael Haardt <michael@moria.de>
|
|
.\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
|
|
.\" Modified 1994-08-21 by Michael Chastain <mec@shell.portal.com>:
|
|
.\" Modified 1997-01-31 by Eric S. Raymond <esr@thyrsus.com>
|
|
.\" Modified 1999-11-12 by Urs Thuermann <urs@isnogud.escape.de>
|
|
.\" Modified 2004-06-23 by Michael Kerrisk <mtk-manpages@gmx.net>
|
|
.\" 2006-09-04 Michael Kerrisk <mtk-manpages@gmx.net>
|
|
.\" Added list of process attributes that are not preserved on exec().
|
|
.\"
|
|
.TH EXECVE 2 2006-09-04 "Linux 2.6.17" "Linux Programmer's Manual"
|
|
.SH NAME
|
|
execve \- execute program
|
|
.SH SYNOPSIS
|
|
.B #include <unistd.h>
|
|
.sp
|
|
.BI "int execve(const char *" filename ", char *const " argv "[], "
|
|
.br
|
|
.BI " char *const " envp []);
|
|
.SH DESCRIPTION
|
|
\fBexecve\fP() executes the program pointed to by \fIfilename\fP.
|
|
\fIfilename\fP must be either a binary executable, or a script
|
|
starting with a line of the form "\fB#! \fIinterpreter \fR[arg]".
|
|
In the latter case, the interpreter must be a valid pathname for an
|
|
executable which is not itself a script, which will be invoked as
|
|
\fBinterpreter\fR [arg] \fIfilename\fR.
|
|
|
|
\fIargv\fP is an array of argument strings passed to the new program.
|
|
\fIenvp\fP is an array of strings, conventionally of the form
|
|
\fBkey=value\fR, which are passed as environment to the new program.
|
|
Both \fIargv\fP and \fIenvp\fP must be terminated by a null pointer.
|
|
The argument vector and environment can be accessed by the
|
|
called program's main function, when it is defined as \fBint main(int
|
|
argc, char *argv[], char *envp[])\fR.
|
|
|
|
\fBexecve\fP() does not return on success, and the text, data, bss, and
|
|
stack of the calling process are overwritten by that of the program
|
|
loaded.
|
|
|
|
If the current program is being ptraced, a \fBSIGTRAP\fP is sent to it
|
|
after a successful \fBexecve\fP().
|
|
|
|
If the set-user-ID bit is set on the program file pointed to by
|
|
\fIfilename\fP, and the calling process is not being ptraced,
|
|
then the effective user ID of the calling process is changed
|
|
to that of the owner of the program file.
|
|
Similarly, when the set-group-ID
|
|
bit of the program file is set the effective group ID of the calling
|
|
process is set to the group of the program file.
|
|
|
|
The effective user ID of the process is copied to the saved set-user-ID;
|
|
similarly, the effective group ID is copied to the saved set-group-ID.
|
|
This copying takes place after any effective ID changes that occur
|
|
because of the set-user-ID and set-group-ID permission bits.
|
|
|
|
If the executable is an a.out dynamically-linked
|
|
binary executable containing
|
|
shared-library stubs, the Linux dynamic linker
|
|
.BR ld.so (8)
|
|
is called at the start of execution to bring
|
|
needed shared libraries into memory
|
|
and link the executable with them.
|
|
|
|
If the executable is a dynamically-linked ELF executable, the
|
|
interpreter named in the PT_INTERP segment is used to load the needed
|
|
shared libraries.
|
|
This interpreter is typically
|
|
\fI/lib/ld-linux.so.1\fR for binaries linked with the Linux libc
|
|
version 5, or \fI/lib/ld-linux.so.2\fR for binaries linked with the
|
|
GNU libc version 2.
|
|
|
|
All process attributes are preserved during an
|
|
.BR execve (),
|
|
except the following:
|
|
.IP * 4
|
|
File descriptors that are marked close-on-exec are closed
|
|
(see the description of
|
|
.BR FD_CLOEXEC
|
|
in
|
|
.BR fcntl (2)).
|
|
.\" FIXME add some statement about the effect on record locks (fcntl()).
|
|
.IP * 4
|
|
The set of pending signals is cleared
|
|
.RB ( sigpending (2)).
|
|
.IP * 4
|
|
The dispositions of any signals that are being caught are
|
|
reset to being ignored.
|
|
.IP * 4
|
|
Any alternate signal stack is not preserved
|
|
.RB ( sigaltstack (2)).
|
|
.IP * 4
|
|
Memory mappings are not preserved
|
|
.RB ( mmap (2)).
|
|
.IP * 4
|
|
Attached System V shared memory segments are detached
|
|
.RB ( shmat (2)).
|
|
.IP * 4
|
|
POSIX shared memory regions are unmapped
|
|
.RB ( shm_open (3)).
|
|
.IP * 4
|
|
Open POSIX message queue descriptors are closed
|
|
.RB ( mq_overview (7)).
|
|
.IP * 4
|
|
Any open POSIX named semaphores are closed
|
|
.RB ( sem_overview (7)).
|
|
.IP * 4
|
|
POSIX timers are not preserved
|
|
.RB ( timer_create (3)).
|
|
.IP * 4
|
|
Any open directory streams are closed
|
|
.RB ( opendir (3)).
|
|
.IP * 4
|
|
Memory locks are not preserved
|
|
.RB ( mlock (2),
|
|
.BR mlockall (2)).
|
|
.IP * 4
|
|
Exit handlers are not preserved
|
|
.RB ( atexit (3),
|
|
.BR on_exit (3)).
|
|
.PP
|
|
The process attributes in the preceding list are all specified
|
|
in POSIX.1-2001.
|
|
The following Linux-specific process attributes are also
|
|
not preserved during an
|
|
.BR execve ():
|
|
.IP * 4
|
|
The
|
|
.BR prctl (2)
|
|
.B PR_SET_DUMPABLE
|
|
flag is set,
|
|
unless a set-user-ID or set-group ID program is being executed,
|
|
in which case it is cleared.
|
|
.IP * 4
|
|
The
|
|
.BR prctl (2)
|
|
.B PR_SET_KEEPCAPS
|
|
flag is cleared.
|
|
.IP * 4
|
|
The process name, as set by
|
|
.BR prctl (2)
|
|
.BR PR_SET_NAME
|
|
(and displayed by
|
|
.IR "ps -o comm" ),
|
|
is reset to the name of the new executable file.
|
|
.IP * 4
|
|
The termination signal is reset to SIGCHLD
|
|
(see
|
|
.BR clone (2)).
|
|
.PP
|
|
Note the following further points:
|
|
.IP * 4
|
|
All threads other than calling thread are destroyed during an
|
|
.BR execve ().
|
|
Mutexes, condition variables, and other pthreads objects are not preserved.
|
|
.IP * 4
|
|
The equivalent of \fIsetlocale(LC_ALL, "C")\fP
|
|
is executed at program start-up.
|
|
.IP * 4
|
|
POSIX.1-2001 specifies that the dispositions of any signals that
|
|
are ignored or set to the default are left unchanged.
|
|
POSIX.1-2001 specifies one exception: if SIGCHLD is being ignored,
|
|
then an implementation may leave the disposition unchanged or
|
|
reset it to the default; Linux does the former.
|
|
.IP * 4
|
|
Any outstanding asynchronous I/O operations are cancelled
|
|
.RB ( aio_read (3),
|
|
.BR aio_write (3)).
|
|
.IP * 4
|
|
For the handling of capabilities during
|
|
.BR execve (2),
|
|
see
|
|
.BR capabilities (7).
|
|
.SH "RETURN VALUE"
|
|
On success, \fBexecve\fP() does not return, on error \-1 is returned, and
|
|
.I errno
|
|
is set appropriately.
|
|
.SH ERRORS
|
|
.TP
|
|
.B E2BIG
|
|
The total number of bytes in the environment
|
|
.RI ( envp )
|
|
and argument list
|
|
.RI ( argv )
|
|
is too large.
|
|
.TP
|
|
.B EACCES
|
|
Search permission is denied on a component of the path prefix of
|
|
.I filename
|
|
or the name of a script interpreter.
|
|
(See also
|
|
.BR path_resolution (2).)
|
|
.TP
|
|
.B EACCES
|
|
The file or a script interpreter is not a regular file.
|
|
.TP
|
|
.B EACCES
|
|
Execute permission is denied for the file or a script or ELF interpreter.
|
|
.TP
|
|
.B EACCES
|
|
The file system is mounted
|
|
.IR noexec .
|
|
.TP
|
|
.B EFAULT
|
|
.I filename
|
|
points outside your accessible address space.
|
|
.TP
|
|
.B EINVAL
|
|
An ELF executable had more than one PT_INTERP segment (i.e., tried to
|
|
name more than one interpreter).
|
|
.TP
|
|
.B EIO
|
|
An I/O error occurred.
|
|
.TP
|
|
.B EISDIR
|
|
An ELF interpreter was a directory.
|
|
.TP
|
|
.B ELIBBAD
|
|
An ELF interpreter was not in a recognised format.
|
|
.TP
|
|
.B ELOOP
|
|
Too many symbolic links were encountered in resolving
|
|
.I filename
|
|
or the name of a script or ELF interpreter.
|
|
.TP
|
|
.B EMFILE
|
|
The process has the maximum number of files open.
|
|
.TP
|
|
.B ENAMETOOLONG
|
|
.I filename
|
|
is too long.
|
|
.TP
|
|
.B ENFILE
|
|
The system limit on the total number of open files has been reached.
|
|
.TP
|
|
.B ENOENT
|
|
The file
|
|
.I filename
|
|
or a script or ELF interpreter does not exist, or a shared library
|
|
needed for file or interpreter cannot be found.
|
|
.TP
|
|
.B ENOEXEC
|
|
An executable is not in a recognised format, is for the wrong
|
|
architecture, or has some other format error that means it cannot be
|
|
executed.
|
|
.TP
|
|
.B ENOMEM
|
|
Insufficient kernel memory was available.
|
|
.TP
|
|
.B ENOTDIR
|
|
A component of the path prefix of
|
|
.I filename
|
|
or a script or ELF interpreter is not a directory.
|
|
.TP
|
|
.B EPERM
|
|
The file system is mounted
|
|
.IR nosuid ,
|
|
the user is not the superuser,
|
|
and the file has the set-user-ID or set-group-ID bit set.
|
|
.TP
|
|
.B EPERM
|
|
The process is being traced, the user is not the superuser and the
|
|
file has the set-user-ID or set-group-ID bit set.
|
|
.TP
|
|
.B ETXTBSY
|
|
Executable was open for writing by one or more processes.
|
|
.SH "CONFORMING TO"
|
|
SVr4, 4.3BSD, POSIX.1-2001.
|
|
POSIX.1-2001 does not document the #! behavior
|
|
but is otherwise compatible.
|
|
.\" SVr4 documents additional error
|
|
.\" conditions EAGAIN, EINTR, ELIBACC, ENOLINK, EMULTIHOP; POSIX does not
|
|
.\" document ETXTBSY, EPERM, EFAULT, ELOOP, EIO, ENFILE, EMFILE, EINVAL,
|
|
.\" EISDIR or ELIBBAD error conditions.
|
|
.SH NOTES
|
|
Set-user-ID and set-group-ID processes can not be \fBptrace\fP()d.
|
|
|
|
Linux ignores the set-user-ID and set-group-ID bits on scripts.
|
|
|
|
The result of mounting a filesystem
|
|
.I nosuid
|
|
vary between Linux kernel versions:
|
|
some will refuse execution of set-user-ID and set-group-ID
|
|
executables when this would
|
|
give the user powers she did not have already (and return EPERM),
|
|
some will just ignore the set-user-ID and set-group-ID bits and
|
|
.BR exec ()
|
|
successfully.
|
|
|
|
A maximum line length of 127 characters is allowed for the first line in
|
|
a #! executable shell script.
|
|
.\" .SH BUGS
|
|
.\" Some Linux versions have failed to check permissions on ELF
|
|
.\" interpreters. This is a security hole, because it allows users to
|
|
.\" open any file, such as a rewinding tape device, for reading. Some
|
|
.\" Linux versions have also had other security holes in \fBexecve\fP(),
|
|
.\" that could be exploited for denial of service by a suitably crafted
|
|
.\" ELF binary. There are no known problems with 2.0.34 or 2.2.15.
|
|
.SH HISTORICAL
|
|
With Unix V6 the argument list of an
|
|
.BR exec ()
|
|
call was ended by 0,
|
|
while the argument list of
|
|
.I main
|
|
was ended by \-1. Thus, this
|
|
argument list was not directly usable in a further
|
|
.BR exec ()
|
|
call.
|
|
Since Unix V7 both are NULL.
|
|
.SH "SEE ALSO"
|
|
.BR chmod (2),
|
|
.BR fork (2),
|
|
.BR path_resolution (2),
|
|
.BR ptrace (2),
|
|
.BR execl (3),
|
|
.BR fexecve (3),
|
|
.BR environ (7),
|
|
.BR ld.so (8)
|