DragonFly On-Line Manual Pages
EXECVE(2) DragonFly System Calls Manual EXECVE(2)
execve, fexecve - execute a file
Standard C Library (libc, -lc)
execve(const char *path, char *const argv, char *const envp);
fexecve(int fd, char *const argv, char *const envp);
Execve() transforms the calling process into a new process. The new
process is constructed from an ordinary file, whose name is pointed to by
path, called the new process file. The fexecve() system call is
equivalent to execve() except that the file to be executed is determined
by the file descriptor fd instead of a path. This new process file is
either an executable object file, or a file of data for an interpreter.
An executable object file consists of an identifying header, followed by
pages of data representing the initial program (text) and initialized
data pages. Additional pages may be specified by the header to be
initialized with zero data; see elf(5) and a.out(5).
An interpreter file begins with a line of the form:
#! interpreter [arg]
When an interpreter file is execve'd, the system actually execve's the
specified interpreter. If the optional arg is specified, it becomes the
first argument to the interpreter, and the name of the originally
execve'd file becomes the second argument; otherwise, the name of the
originally execve'd file becomes the first argument. The original
arguments are shifted over to become the subsequent arguments. The
zeroth argument is set to the specified interpreter. (See script(7) for
a detailed discussion of interpreter file execution.)
The argument argv is a pointer to a null-terminated array of character
pointers to null-terminated character strings. These strings construct
the argument list to be made available to the new process. At least one
argument must be present in the array; by custom, the first element
should be the name of the executed program (for example, the last
component of path).
The argument envp is also a pointer to a null-terminated array of
character pointers to null-terminated strings. A pointer to this array
is normally stored in the global variable environ. These strings pass
information to the new process that is not directly an argument to the
command (see environ(7)).
File descriptors open in the calling process image remain open in the new
process image, except for those for which the close-on-exec flag is set
(see close(2) and fcntl(2)). Descriptors that remain open are unaffected
by execve(). If any of the standard descriptors (0, 1, and/or 2) are
closed at the time execve() is called, and the process will gain
privilege as a result of set-id semantics, those descriptors will be
reopened automatically. No programs, whether privileged or not, should
assume that these descriptors will remain closed across a call to
Signals set to be ignored in the calling process are set to be ignored in
the new process. Signals which are set to be caught in the calling
process image are set to default action in the new process image.
Blocked signals remain blocked regardless of changes to the signal
action. The signal stack is reset to be undefined (see sigaction(2) for
If the set-user-ID mode bit of the new process image file is set (see
chmod(2)), the effective user ID of the new process image is set to the
owner ID of the new process image file. If the set-group-ID mode bit of
the new process image file is set, the effective group ID of the new
process image is set to the group ID of the new process image file. (The
effective group ID is the first element of the group list.) The real
user ID, real group ID and other group IDs of the new process image
remain the same as the calling process image. After any set-user-ID and
set-group-ID processing, the effective user ID is recorded as the saved
set-user-ID, and the effective group ID is recorded as the saved set-
group-ID. These values may be used in changing the effective IDs later
The set-ID bits are not honored if the respective file system has the
nosuid option enabled or if the new process file is an interpreter file.
Syscall tracing is disabled if effective IDs are changed.
The new process also inherits the following attributes from the calling
process ID see getpid(2)
parent process ID see getppid(2)
process group ID see getpgrp(2)
access groups see getgroups(2)
working directory see chdir(2)
root directory see chroot(2)
control terminal see termios(4)
resource usages see getrusage(2)
interval timers see getitimer(2)
resource limits see getrlimit(2)
file mode mask see umask(2)
signal mask see sigaction(2), sigprocmask(2)
When a program is executed as a result of an execve() call, it is entered
main(int argc, char **argv, char **envp);
where argc is the number of elements in argv (the "argument count") and
argv points to the array of character pointers to the arguments
The fexecve() function ignores the file offset of fd. Since the execute
permission is checked by fexecve(), the file descriptor fd need not have
been opened with the O_EXEC flag. However, if the file to be executed
denies read permission for the process preparing to do the exec, the only
way to provide the fd to fexecve() is to use the O_EXEC flag when opening
fd. Note that the file to be executed can not be open for writing.
As execve() overlays the current process image with a new process image
the successful call has no process to return to. If execve() does return
to the calling process an error has occurred; the return value will be -1
and the global variable errno is set to indicate the error.
Fexecve() has the same return values as execve().
Execve() will fail and return to the calling process if:
[ENOTDIR] A component of the path prefix is not a directory.
[ENAMETOOLONG] A component of a pathname exceeded 255 characters, or
an entire path name exceeded 1023 characters.
[ENAMETOOLONG] When invoking an interpreted script, the interpreter
name exceeds MAXSHELLCMDLEN characters.
[ENOENT] The new process file does not exist.
[ELOOP] Too many symbolic links were encountered in
translating the pathname.
[EACCES] Search permission is denied for a component of the
[EACCES] The new process file is not an ordinary file.
[EACCES] The new process file mode denies execute permission.
[ENOEXEC] The new process file has the appropriate access
permission, but has an invalid magic number in its
[ETXTBSY] The new process file is a pure procedure (shared text)
file that is currently open for writing or reading by
[ENOMEM] The new process requires more virtual memory than is
allowed by the imposed maximum (getrlimit(2)).
[E2BIG] The number of bytes in the new process' argument list
is larger than the system-imposed limit. This limit
is specified by the sysctl(3) MIB variable
[EFAULT] The new process file is not as long as indicated by
the size values in its header.
[EFAULT] Path, argv, or envp point to an illegal address.
[EIO] An I/O error occurred while reading from the file
In addition, the fexecve() system call will fail and return to the
calling process if:
[EBADF] The fd argument is not a valid file descriptor open
If a program is setuid to a non-super-user, but is executed when the real
uid is "root", then the program has some of the powers of a super-user as
If the fd refers to to an interpreter file and the O_CLOEXEC flag has
been set, fexecve() fails with the ENOENT error; because the fd has
already been closed by the time the interpreter is executed.
ktrace(1), _exit(2), fork(2), execl(3), exit(3), sysctl(3), a.out(5),
elf(5), environ(7), script(7), mount(8)
The execve() system call conforms to IEEE Std 1003.1-2004 ("POSIX.1").
The fexecve() system call conforms to IEEE Std 1003.1-2008 ("POSIX.1").
The support for executing interpreted programs is an extension.
The execve() system call appeared in Version 7 AT&T UNIX. The fexecve()
system call first appeared in DragonFly 5.9.
DragonFly 5.9-DEVELOPMENT February 17, 2021 DragonFly 5.9-DEVELOPMENT