[apple/xnu.git] / bsd / man / man2 / execve.2

.\"	$NetBSD: execve.2,v 1.9 1995/02/27 12:32:25 cgd Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)execve.2	8.3 (Berkeley) 1/24/94
.\"
.Dd January 24, 1994
.Dt EXECVE 2
.Os BSD 4
.Sh NAME
.Nm execve
.Nd execute a file
.Sh SYNOPSIS
.Fd #include <unistd.h>
.Ft int
.Fn execve "const char *path" "char *const argv[]" "char *const envp[]"
.Sh DESCRIPTION
.Fn Execve
transforms the calling process into a new process.
The new process is constructed from an ordinary file,
whose name is pointed to by
.Fa path ,
called the
.Em new process file .
This file is either an executable object file,
or a file of data for an interpreter.
An executable object file consists of an identifying header,
followed by pages of data representing the initial program (text)
and initialized data pages.  Additional pages may be specified
by the header to be initialized with zero data;  see
.Xr a.out 5 .
.Pp
An interpreter file begins with a line of the form:
.Pp
.Bd -filled -offset indent -compact
.Sy \&#!
.Em interpreter
.Bq Em arg
.Ed
.Pp
When an interpreter file is
.Fn execve Ap d ,
the system
.Fn execve Ap s
runs the specified
.Em interpreter .
If the optional
.Em arg
is specified, it becomes the first argument to the
.Em interpreter ,
and the name of the originally
.Fn execve Ap d
file becomes the second argument;
otherwise, the name of the originally
.Fn execve Ap d
file becomes the first argument.  The original arguments are shifted over to
become the subsequent arguments.  The zeroth argument, normally the name of the
.Fn execve Ap d
file, is left unchanged.
.Pp
The argument
.Fa argv
is a pointer to a null-terminated array of
character pointers to null-terminated character strings.
These strings construct the argument list to be made available to the new
process.  At least one argument must be present in
the array; by custom, the first element should be
the name of the executed program (for example, the last component of
.Fa path ) .
.Pp
The argument
.Fa envp
is also a pointer to a null-terminated array of
character pointers to null-terminated strings.
A pointer to this array is normally stored in the global variable
.Va environ.
These strings pass information to the
new process that is not directly an argument to the command (see
.Xr environ 7 ) .
.Pp
File descriptors open in the calling process image remain open in
the new process image, except for those for which the close-on-exec
flag is set (see
.Xr close 2
and
.Xr fcntl 2 ) .
Descriptors that remain open are unaffected by
.Fn execve .
.Pp
Signals set to be ignored in the calling process are set to be ignored in
the
new process. Signals which are set to be caught in the calling process image
are set to default action in the new process image.
Blocked signals remain blocked regardless of changes to the signal action.
The signal stack is reset to be undefined (see
.Xr sigaction 2
for more information).
.Pp
If the set-user-ID mode bit of the new process image file is set
(see
.Xr chmod 2 ) ,
the effective user ID of the new process image is set to the owner ID
of the new process image file.
If the set-group-ID mode bit of the new process image file is set,
the effective group ID of the new process image is set to the group ID
of the new process image file.
(The effective group ID is the first element of the group list.)
The real user ID, real group ID and
other group IDs of the new process image remain the same as the calling
process image.
After any set-user-ID and set-group-ID processing,
the effective user ID is recorded as the saved set-user-ID,
and the effective group ID is recorded as the saved set-group-ID.
These values may be used in changing the effective IDs later (see
.Xr setuid 2 ) .
.Pp
The new process also inherits the following attributes from
the calling process:
.Pp
.Bl -column parent_process_ID -offset indent -compact
.It process ID Ta see Xr getpid 2
.It parent process ID Ta see Xr getppid 2
.It process group ID Ta see Xr getpgrp 2
.It access groups Ta see Xr getgroups 2
.It working directory Ta see Xr chdir 2
.It root directory Ta see Xr chroot 2
.It control terminal Ta see Xr termios 4
.It resource usages Ta see Xr getrusage 2
.It interval timers Ta see Xr getitimer 2
.It resource limits Ta see Xr getrlimit 2
.It file mode mask Ta see Xr umask 2
.It signal mask Ta see Xr sigaction 2 ,
.Xr sigsetmask 2
.El
.Pp
When a program is executed as a result of an
.Fn execve
call, it is entered as follows:
.Bd -literal -offset indent
main(argc, argv, envp)
int argc;
char **argv, **envp;
.Ed
.Pp
where
.Fa argc
is the number of elements in
.Fa argv
(the ``arg count'')
and
.Fa argv
points to the array of character pointers
to the arguments themselves.
.Sh RETURN VALUES
As the
.Fn execve
function overlays the current process image 
with a new process image the successful call
has no process to return to.
If
.Fn execve
does return to the calling process an error has occurred; the
return value will be -1 and the global variable
.Va errno
is set to indicate the error.
.Sh ERRORS
.Fn Execve
will fail and return to the calling process if:
.Bl -tag -width Er
.It Bq Er ENOTDIR
A component of the path prefix is not a directory.
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded 
.Dv {NAME_MAX}
characters, or an entire path name exceeded 
.Dv {PATH_MAX}
characters.
.It Bq Er ENOENT
The new process file does not exist.
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
.It Bq Er EACCES
Search permission is denied for a component of the path prefix.
.It Bq Er EACCES
The new process file is not an ordinary file.
.It Bq Er EACCES
The new process file mode denies execute permission.
.It Bq Er EACCES
The new process file is on a filesystem mounted with execution
disabled
.Pf ( Dv MNT_NOEXEC
in
.Ao Pa sys/mount.h Ac ) .
.It Bq Er ENOEXEC
The new process file has the appropriate access
permission, but has an invalid magic number in its header.
.It Bq Er ETXTBSY
The new process file is a pure procedure (shared text)
file that is currently open for writing or reading by some process.
.It Bq Er ENOMEM
The new process requires more virtual memory than
is allowed by the imposed maximum
.Pq Xr getrlimit 2 .
.It Bq Er E2BIG
The number of bytes in the new process's argument list
is larger than the system-imposed limit.
This limit is specified by the
.Xr sysctl 3
MIB variable
.Dv KERN_ARGMAX .
.It Bq Er EFAULT
The new process file is not as long as indicated by
the size values in its header.
.It Bq Er EFAULT
.Fa Path ,
.Fa argv ,
or
.Fa envp
point
to an illegal address.
.It Bq Er EIO
An I/O error occurred while reading from the file system.
.El
.Sh CAVEAT
If a program is
.Em setuid
to a non-super-user, but is executed when
the real
.Em uid
is ``root'', then the program has some of the powers
of a super-user as well.
.Sh SEE ALSO
.Xr exit 2 ,
.Xr fork 2 ,
.Xr execl 3 ,
.Xr environ 7
.Sh HISTORY
The
.Fn execve
function call appeared in
.Bx 4.2 .
Commit	Line	Data
9bccf70c A	1	.\" $NetBSD: execve.2,v 1.9 1995/02/27 12:32:25 cgd Exp $
	2	.\"
	3	.\" Copyright (c) 1980, 1991, 1993
	4	.\" The Regents of the University of California. All rights reserved.
	5	.\"
	6	.\" Redistribution and use in source and binary forms, with or without
	7	.\" modification, are permitted provided that the following conditions
	8	.\" are met:
	9	.\" 1. Redistributions of source code must retain the above copyright
	10	.\" notice, this list of conditions and the following disclaimer.
	11	.\" 2. Redistributions in binary form must reproduce the above copyright
	12	.\" notice, this list of conditions and the following disclaimer in the
	13	.\" documentation and/or other materials provided with the distribution.
	14	.\" 3. All advertising materials mentioning features or use of this software
	15	.\" must display the following acknowledgement:
	16	.\" This product includes software developed by the University of
	17	.\" California, Berkeley and its contributors.
	18	.\" 4. Neither the name of the University nor the names of its contributors
	19	.\" may be used to endorse or promote products derived from this software
	20	.\" without specific prior written permission.
	21	.\"
	22	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	23	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	24	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	25	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	26	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	27	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	28	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	29	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	30	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	31	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	32	.\" SUCH DAMAGE.
	33	.\"
	34	.\" @(#)execve.2 8.3 (Berkeley) 1/24/94
	35	.\"
	36	.Dd January 24, 1994
	37	.Dt EXECVE 2
	38	.Os BSD 4
	39	.Sh NAME
	40	.Nm execve
	41	.Nd execute a file
	42	.Sh SYNOPSIS
	43	.Fd #include <unistd.h>
	44	.Ft int
	45	.Fn execve "const char path" "char const argv[]" "char *const envp[]"
	46	.Sh DESCRIPTION
	47	.Fn Execve
	48	transforms the calling process into a new process.
	49	The new process is constructed from an ordinary file,
	50	whose name is pointed to by
	51	.Fa path ,
	52	called the
	53	.Em new process file .
	54	This file is either an executable object file,
	55	or a file of data for an interpreter.
	56	An executable object file consists of an identifying header,
	57	followed by pages of data representing the initial program (text)
	58	and initialized data pages. Additional pages may be specified
	59	by the header to be initialized with zero data; see
	60	.Xr a.out 5 .
	61	.Pp
	62	An interpreter file begins with a line of the form:
	63	.Pp
	64	.Bd -filled -offset indent -compact
65	.Sy \&#!
66	.Em interpreter
67	.Bq Em arg
68	.Ed
69	.Pp
70	When an interpreter file is
71	.Fn execve Ap d ,
72	the system
73	.Fn execve Ap s
74	runs the specified
75	.Em interpreter .
76	If the optional
77	.Em arg
78	is specified, it becomes the first argument to the
79	.Em interpreter ,
80	and the name of the originally
81	.Fn execve Ap d
82	file becomes the second argument;
83	otherwise, the name of the originally
84	.Fn execve Ap d
85	file becomes the first argument. The original arguments are shifted over to
86	become the subsequent arguments. The zeroth argument, normally the name of the
87	.Fn execve Ap d
88	file, is left unchanged.
89	.Pp
90	The argument
91	.Fa argv
92	is a pointer to a null-terminated array of
93	character pointers to null-terminated character strings.
94	These strings construct the argument list to be made available to the new
95	process. At least one argument must be present in
96	the array; by custom, the first element should be
97	the name of the executed program (for example, the last component of
98	.Fa path ) .
99	.Pp
100	The argument
101	.Fa envp
102	is also a pointer to a null-terminated array of
103	character pointers to null-terminated strings.
104	A pointer to this array is normally stored in the global variable
105	.Va environ.
106	These strings pass information to the
107	new process that is not directly an argument to the command (see
108	.Xr environ 7 ) .
109	.Pp
110	File descriptors open in the calling process image remain open in
111	the new process image, except for those for which the close-on-exec
112	flag is set (see
113	.Xr close 2
114	and
115	.Xr fcntl 2 ) .
116	Descriptors that remain open are unaffected by
117	.Fn execve .
118	.Pp
119	Signals set to be ignored in the calling process are set to be ignored in
120	the
121	new process. Signals which are set to be caught in the calling process image
122	are set to default action in the new process image.
123	Blocked signals remain blocked regardless of changes to the signal action.
124	The signal stack is reset to be undefined (see
125	.Xr sigaction 2
126	for more information).
127	.Pp
128	If the set-user-ID mode bit of the new process image file is set
129	(see
130	.Xr chmod 2 ) ,
131	the effective user ID of the new process image is set to the owner ID
132	of the new process image file.
133	If the set-group-ID mode bit of the new process image file is set,
134	the effective group ID of the new process image is set to the group ID
135	of the new process image file.
136	(The effective group ID is the first element of the group list.)
137	The real user ID, real group ID and
138	other group IDs of the new process image remain the same as the calling
139	process image.
140	After any set-user-ID and set-group-ID processing,
141	the effective user ID is recorded as the saved set-user-ID,
142	and the effective group ID is recorded as the saved set-group-ID.
143	These values may be used in changing the effective IDs later (see
144	.Xr setuid 2 ) .
145	.Pp
146	The new process also inherits the following attributes from
147	the calling process:
148	.Pp
149	.Bl -column parent_process_ID -offset indent -compact
150	.It process ID Ta see Xr getpid 2
151	.It parent process ID Ta see Xr getppid 2
152	.It process group ID Ta see Xr getpgrp 2
153	.It access groups Ta see Xr getgroups 2
154	.It working directory Ta see Xr chdir 2
155	.It root directory Ta see Xr chroot 2
156	.It control terminal Ta see Xr termios 4
157	.It resource usages Ta see Xr getrusage 2
158	.It interval timers Ta see Xr getitimer 2
159	.It resource limits Ta see Xr getrlimit 2
160	.It file mode mask Ta see Xr umask 2
161	.It signal mask Ta see Xr sigaction 2 ,
162	.Xr sigsetmask 2
163	.El
164	.Pp
165	When a program is executed as a result of an
166	.Fn execve
167	call, it is entered as follows:
168	.Bd -literal -offset indent
169	main(argc, argv, envp)
170	int argc;
171	char argv, envp;
172	.Ed
173	.Pp
174	where
175	.Fa argc
176	is the number of elements in
177	.Fa argv
178	(the ``arg count'')
179	and
180	.Fa argv
181	points to the array of character pointers
182	to the arguments themselves.
183	.Sh RETURN VALUES
184	As the
185	.Fn execve
186	function overlays the current process image
187	with a new process image the successful call
188	has no process to return to.
189	If
190	.Fn execve
191	does return to the calling process an error has occurred; the
192	return value will be -1 and the global variable
193	.Va errno
194	is set to indicate the error.
195	.Sh ERRORS
196	.Fn Execve
197	will fail and return to the calling process if:
198	.Bl -tag -width Er
199	.It Bq Er ENOTDIR
200	A component of the path prefix is not a directory.
201	.It Bq Er ENAMETOOLONG
202	A component of a pathname exceeded
203	.Dv {NAME_MAX}
204	characters, or an entire path name exceeded
205	.Dv {PATH_MAX}
206	characters.
207	.It Bq Er ENOENT
208	The new process file does not exist.
209	.It Bq Er ELOOP
210	Too many symbolic links were encountered in translating the pathname.
211	.It Bq Er EACCES
212	Search permission is denied for a component of the path prefix.
213	.It Bq Er EACCES
214	The new process file is not an ordinary file.
215	.It Bq Er EACCES
216	The new process file mode denies execute permission.
217	.It Bq Er EACCES
218	The new process file is on a filesystem mounted with execution
219	disabled
220	.Pf ( Dv MNT_NOEXEC
221	in
222	.Ao Pa sys/mount.h Ac ) .
223	.It Bq Er ENOEXEC
224	The new process file has the appropriate access
225	permission, but has an invalid magic number in its header.
226	.It Bq Er ETXTBSY
227	The new process file is a pure procedure (shared text)
228	file that is currently open for writing or reading by some process.
229	.It Bq Er ENOMEM
230	The new process requires more virtual memory than
231	is allowed by the imposed maximum
232	.Pq Xr getrlimit 2 .
233	.It Bq Er E2BIG
234	The number of bytes in the new process's argument list
235	is larger than the system-imposed limit.
55e303ae A	236	This limit is specified by the
	237	.Xr sysctl 3
	238	MIB variable
	239	.Dv KERN_ARGMAX .
9bccf70c A	240	.It Bq Er EFAULT
	241	The new process file is not as long as indicated by
	242	the size values in its header.
	243	.It Bq Er EFAULT
	244	.Fa Path ,
	245	.Fa argv ,
	246	or
	247	.Fa envp
	248	point
	249	to an illegal address.
	250	.It Bq Er EIO
	251	An I/O error occurred while reading from the file system.
	252	.El
	253	.Sh CAVEAT
	254	If a program is
	255	.Em setuid
	256	to a non-super-user, but is executed when
	257	the real
	258	.Em uid
	259	is ``root'', then the program has some of the powers
	260	of a super-user as well.
	261	.Sh SEE ALSO
	262	.Xr exit 2 ,
	263	.Xr fork 2 ,
	264	.Xr execl 3 ,
	265	.Xr environ 7
	266	.Sh HISTORY
	267	The
	268	.Fn execve
	269	function call appeared in
	270	.Bx 4.2 .