1EXECVE(2)                  Linux Programmer's Manual                 EXECVE(2)
2
3
4

NAME

6       execve - execute program
7

SYNOPSIS

9       #include <unistd.h>
10
11       int execve(const char *filename, char *const argv[],
12                  char *const envp[]);
13

DESCRIPTION

15       execve() executes the program pointed to by filename.  filename must be
16       either a binary executable, or a script starting with  a  line  of  the
17       form:
18
19           #! interpreter [optional-arg]
20
21       For details of the latter case, see "Interpreter scripts" below.
22
23       argv  is  an array of argument strings passed to the new program.  envp
24       is an array of strings, conventionally of the form key=value, which are
25       passed  as  environment to the new program.  Both argv and envp must be
26       terminated by a null pointer.  The argument vector and environment  can
27       be  accessed  by the called program's main function, when it is defined
28       as:
29
30           int main(int argc, char *argv[], char *envp[])
31
32       execve() does not return on success, and the text, data, bss, and stack
33       of the calling process are overwritten by that of the program loaded.
34
35       If  the current program is being ptraced, a SIGTRAP is sent to it after
36       a successful execve().
37
38       If the set-user-ID bit is set on the program file pointed to  by  file‐
39       name,  and  the  underlying  file  system  is  not  mounted nosuid (the
40       MS_NOSUID flag for mount(2)), and the  calling  process  is  not  being
41       ptraced,  then  the effective user ID of the calling process is changed
42       to that of the owner of the program file.   Similarly,  when  the  set-
43       group-ID  bit  of the program file is set the effective group ID of the
44       calling process is set to the group of the program file.
45
46       The effective user ID of the process is copied to the  saved  set-user-
47       ID; similarly, the effective group ID is copied to the saved set-group-
48       ID.  This copying takes place after any effective ID changes that occur
49       because of the set-user-ID and set-group-ID permission bits.
50
51       If the executable is an a.out dynamically linked binary executable con‐
52       taining shared-library stubs, the  Linux  dynamic  linker  ld.so(8)  is
53       called  at the start of execution to bring needed shared libraries into
54       memory and link the executable with them.
55
56       If the executable is a dynamically linked ELF  executable,  the  inter‐
57       preter named in the PT_INTERP segment is used to load the needed shared
58       libraries.  This interpreter is typically /lib/ld-linux.so.1 for  bina‐
59       ries  linked  with the Linux libc 5, or /lib/ld-linux.so.2 for binaries
60       linked with the glibc 2.
61
62       All process attributes are preserved during  an  execve(),  except  the
63       following:
64
65       *      The  dispositions of any signals that are being caught are reset
66              to the default (signal(7)).
67
68       *      Any alternate signal stack is not preserved (sigaltstack(2)).
69
70       *      Memory mappings are not preserved (mmap(2)).
71
72       *      Attached  System  V  shared   memory   segments   are   detached
73              (shmat(2)).
74
75       *      POSIX shared memory regions are unmapped (shm_open(3)).
76
77       *      Open  POSIX  message  queue  descriptors  are  closed  (mq_over‐
78              view(7)).
79
80       *      Any open POSIX named semaphores are closed (sem_overview(7)).
81
82       *      POSIX timers are not preserved (timer_create(2)).
83
84       *      Any open directory streams are closed (opendir(3)).
85
86       *      Memory locks are not preserved (mlock(2), mlockall(2)).
87
88       *      Exit handlers are not preserved (atexit(3), on_exit(3)).
89
90       *      The floating-point environment is  reset  to  the  default  (see
91              fenv(3)).
92
93       The  process  attributes  in  the  preceding  list are all specified in
94       POSIX.1-2001.  The following Linux-specific process attributes are also
95       not preserved during an execve():
96
97       *  The  prctl(2)  PR_SET_DUMPABLE  flag is set, unless a set-user-ID or
98          set-group ID program is being executed, in which case it is cleared.
99
100       *  The prctl(2) PR_SET_KEEPCAPS flag is cleared.
101
102       *  The process name, as set by prctl(2) PR_SET_NAME (and  displayed  by
103          ps -o comm), is reset to the name of the new executable file.
104
105       *  The termination signal is reset to SIGCHLD (see clone(2)).
106
107       Note the following further points:
108
109       *  All  threads  other  than the calling thread are destroyed during an
110          execve().  Mutexes, condition variables, and other pthreads  objects
111          are not preserved.
112
113       *  The  equivalent  of  setlocale(LC_ALL,  "C")  is executed at program
114          start-up.
115
116       *  POSIX.1-2001 specifies that the dispositions of any signals that are
117          ignored  or  set  to  the  default are left unchanged.  POSIX.1-2001
118          specifies one exception: if SIGCHLD is being ignored, then an imple‐
119          mentation  may  leave  the  disposition unchanged or reset it to the
120          default; Linux does the former.
121
122       *  Any   outstanding   asynchronous   I/O   operations   are   canceled
123          (aio_read(3), aio_write(3)).
124
125       *  For  the  handling  of  capabilities  during execve(), see capabili‐
126          ties(7).
127
128       *  By default, file descriptors remain open across an  execve().   File
129          descriptors  that  are  marked  close-on-exec  are  closed;  see the
130          description of FD_CLOEXEC in fcntl(2).  (If  a  file  descriptor  is
131          closed,  this will cause the release of all record locks obtained on
132          the underlying file by this process.   See  fcntl(2)  for  details.)
133          POSIX.1-2001  says that if file descriptors 0, 1, and 2 would other‐
134          wise be closed after a successful execve(), and  the  process  would
135          gain  privilege  because  the set-user_ID or set-group_ID permission
136          bit was set on the executed  file,  then  the  system  may  open  an
137          unspecified  file  for each of these file descriptors.  As a general
138          principle, no portable  program,  whether  privileged  or  not,  can
139          assume  that  these three file descriptors will remain closed across
140          an execve().
141
142   Interpreter scripts
143       An interpreter script is  a  text  file  that  has  execute  permission
144       enabled and whose first line is of the form:
145
146           #! interpreter [optional-arg]
147
148       The interpreter must be a valid pathname for an executable which is not
149       itself a script.  If the filename argument  of  execve()  specifies  an
150       interpreter script, then interpreter will be invoked with the following
151       arguments:
152
153           interpreter [optional-arg] filename arg...
154
155       where arg...  is the series of words pointed to by the argv argument of
156       execve().
157
158       For portable use, optional-arg should either be absent, or be specified
159       as a single word (i.e., it should not contain white space);  see  NOTES
160       below.
161
162   Limits on size of arguments and environment
163       Most  Unix  implementations  impose some limit on the total size of the
164       command-line argument (argv) and environment (envp) strings that may be
165       passed to a new program.  POSIX.1 allows an implementation to advertise
166       this limit using the ARG_MAX constant (either defined in <limits.h>  or
167       available at run time using the call sysconf(_SC_ARG_MAX)).
168
169       On  Linux prior to kernel 2.6.23, the memory used to store the environ‐
170       ment and argument strings was limited to 32 pages (defined by the  ker‐
171       nel  constant  MAX_ARG_PAGES).  On architectures with a 4-kB page size,
172       this yields a maximum size of 128 kB.
173
174       On kernel 2.6.23 and later, most architectures  support  a  size  limit
175       derived  from  the  soft RLIMIT_STACK resource limit (see getrlimit(2))
176       that is in force at the time of the execve() call.  (Architectures with
177       no  memory  management  unit are excepted: they maintain the limit that
178       was in effect before kernel 2.6.23.)  This change  allows  programs  to
179       have  a much larger argument and/or environment list.  For these archi‐
180       tectures, the total size is limited to 1/4 of the allowed  stack  size.
181       (Imposing  the  1/4-limit  ensures that the new program always has some
182       stack space.)  Since Linux 2.6.25, the kernel  places  a  floor  of  32
183       pages  on  this size limit, so that, even when RLIMIT_STACK is set very
184       low, applications are guaranteed to have at least as much argument  and
185       environment  space  as was provided by Linux 2.6.23 and earlier.  (This
186       guarantee was not provided in Linux 2.6.23 and 2.6.24.)   Additionally,
187       the  limit per string is 32 pages (the kernel constant MAX_ARG_STRLEN),
188       and the maximum number of strings is 0x7FFFFFFF.
189

RETURN VALUE

191       On success, execve() does not return, on  error  -1  is  returned,  and
192       errno is set appropriately.
193

ERRORS

195       E2BIG  The total number of bytes in the environment (envp) and argument
196              list (argv) is too large.
197
198       EACCES Search permission is denied on a component of the path prefix of
199              filename  or  the  name  of  a  script  interpreter.   (See also
200              path_resolution(7).)
201
202       EACCES The file or a script interpreter is not a regular file.
203
204       EACCES Execute permission is denied for the file or  a  script  or  ELF
205              interpreter.
206
207       EACCES The file system is mounted noexec.
208
209       EFAULT filename points outside your accessible address space.
210
211       EINVAL An  ELF  executable  had  more than one PT_INTERP segment (i.e.,
212              tried to name more than one interpreter).
213
214       EIO    An I/O error occurred.
215
216       EISDIR An ELF interpreter was a directory.
217
218       ELIBBAD
219              An ELF interpreter was not in a recognized format.
220
221       ELOOP  Too many symbolic links were encountered in  resolving  filename
222              or the name of a script or ELF interpreter.
223
224       EMFILE The process has the maximum number of files open.
225
226       ENAMETOOLONG
227              filename is too long.
228
229       ENFILE The  system  limit  on  the  total number of open files has been
230              reached.
231
232       ENOENT The file filename or a script or ELF interpreter does not exist,
233              or  a  shared  library  needed for file or interpreter cannot be
234              found.
235
236       ENOEXEC
237              An executable is not in a recognized format, is  for  the  wrong
238              architecture,  or has some other format error that means it can‐
239              not be executed.
240
241       ENOMEM Insufficient kernel memory was available.
242
243       ENOTDIR
244              A component of the path prefix of filename or a  script  or  ELF
245              interpreter is not a directory.
246
247       EPERM  The  file  system  is  mounted nosuid, the user is not the supe‐
248              ruser, and the file has the set-user-ID or set-group-ID bit set.
249
250       EPERM  The process is being traced, the user is not the  superuser  and
251              the file has the set-user-ID or set-group-ID bit set.
252
253       ETXTBSY
254              Executable was open for writing by one or more processes.
255

CONFORMING TO

257       SVr4,  4.3BSD,  POSIX.1-2001.   POSIX.1-2001  does  not document the #!
258       behavior but is otherwise compatible.
259

NOTES

261       Set-user-ID and set-group-ID processes can not be ptrace(2)d.
262
263       Linux ignores the set-user-ID and set-group-ID bits on scripts.
264
265       The result of mounting a file system nosuid varies across Linux  kernel
266       versions:  some  will  refuse execution of set-user-ID and set-group-ID
267       executables when this would give the  user  powers  she  did  not  have
268       already  (and  return EPERM), some will just ignore the set-user-ID and
269       set-group-ID bits and exec() successfully.
270
271       A maximum line length of 127 characters is allowed for the  first  line
272       in a #! executable shell script.
273
274       The  semantics  of  the  optional-arg argument of an interpreter script
275       vary across implementations.  On Linux, the entire string following the
276       interpreter name is passed as a single argument to the interpreter, and
277       this string can include white space.  However, behavior differs on some
278       other  systems.   Some  systems  use the first white space to terminate
279       optional-arg.  On some systems, an interpreter script can have multiple
280       arguments,  and  white  spaces  in optional-arg are used to delimit the
281       arguments.
282
283       On Linux, argv can be specified as NULL, which has the same  effect  as
284       specifying  this  argument  as  a pointer to a list containing a single
285       NULL pointer.  Do not take advantage of this misfeature!   It  is  non‐
286       standard  and  nonportable:  on most other Unix systems doing this will
287       result in an error (EFAULT).
288
289       POSIX.1-2001 says that values returned by sysconf(3) should be  invari‐
290       ant  over  the  lifetime of a process.  However, since Linux 2.6.23, if
291       the RLIMIT_STACK resource limit changes, then  the  value  reported  by
292       _SC_ARG_MAX  will  also  change,  to reflect the fact that the limit on
293       space for holding command-line arguments and environment variables  has
294       changed.
295
296   Historical
297       With  Unix V6 the argument list of an exec() call was ended by 0, while
298       the argument list of main was ended by -1.  Thus,  this  argument  list
299       was  not  directly usable in a further exec() call.  Since Unix V7 both
300       are NULL.
301

EXAMPLE

303       The following program is designed to be execed by  the  second  program
304       below.  It just echoes its command-line one per line.
305
306           /* myecho.c */
307
308           #include <stdio.h>
309           #include <stdlib.h>
310
311           int
312           main(int argc, char *argv[])
313           {
314               int j;
315
316               for (j = 0; j < argc; j++)
317                   printf("argv[%d]: %s\n", j, argv[j]);
318
319               exit(EXIT_SUCCESS);
320           }
321
322       This  program can be used to exec the program named in its command-line
323       argument:
324
325           /* execve.c */
326
327           #include <stdio.h>
328           #include <stdlib.h>
329           #include <unistd.h>
330
331           int
332           main(int argc, char *argv[])
333           {
334               char *newargv[] = { NULL, "hello", "world", NULL };
335               char *newenviron[] = { NULL };
336
337               if (argc != 2) {
338                fprintf(stderr, "Usage: %s <file-to-exec>\n", argv[0]);
339                exit(EXIT_FAILURE);
340               }
341
342               newargv[0] = argv[1];
343
344               execve(argv[1], newargv, newenviron);
345               perror("execve");   /* execve() only returns on error */
346               exit(EXIT_FAILURE);
347           }
348
349       We can use the second program to exec the first as follows:
350
351           $ cc myecho.c -o myecho
352           $ cc execve.c -o execve
353           $ ./execve ./myecho
354           argv[0]: ./myecho
355           argv[1]: hello
356           argv[2]: world
357
358       We can also use these programs to  demonstrate  the  use  of  a  script
359       interpreter.   To do this we create a script whose "interpreter" is our
360       myecho program:
361
362           $ cat > script.sh
363           #! ./myecho script-arg
364           ^D
365           $ chmod +x script.sh
366
367       We can then use our program to exec the script:
368
369           $ ./execve ./script.sh
370           argv[0]: ./myecho
371           argv[1]: script-arg
372           argv[2]: ./script.sh
373           argv[3]: hello
374           argv[4]: world
375

SEE ALSO

377       chmod(2), fork(2), ptrace(2), execl(3), fexecve(3), getopt(3),  creden‐
378       tials(7), environ(7), path_resolution(7), ld.so(8)
379

COLOPHON

381       This  page  is  part of release 3.25 of the Linux man-pages project.  A
382       description of the project, and information about reporting  bugs,  can
383       be found at http://www.kernel.org/doc/man-pages/.
384
385
386
387Linux                             2010-01-06                         EXECVE(2)
Impressum