| EXECVE(2) | System Calls Manual | EXECVE(2) | 
execve, fexecve —
#include <unistd.h>
int
  
  execve(const
    char *path, char *const
    argv[], char *const
    envp[]);
int
  
  fexecve(int
    fd, char *const
    argv[], char *const
    envp[]);
execve() system call transforms the calling process
  into a new process. The new process is constructed from an ordinary file,
  whose name is pointed to by path, called the
  new process file. The fexecve()
  system call is equivalent to execve() except that the
  file to be executed is determined by the file descriptor
  fd instead of a path. This file is
  either an executable object file, or a file of data for an interpreter. An
  executable object file consists of an identifying header, followed by pages of
  data representing the initial program (text) and initialized data pages.
  Additional pages may be specified by the header to be initialized with zero
  data; see elf(5) and
  a.out(5).
An interpreter file begins with a line of the form:
When an interpreter file is execve
    d, the system actually execve's the
    specified interpreter. If the optional
    arg is specified, it becomes the first argument to the
    interpreter, and the name of the originally
    execve'd file becomes the second argument; otherwise, the
    name of the originally execve'd file becomes the first
    argument. The original arguments are shifted over to become the subsequent
    arguments. The zeroth argument, normally the name of the
    execve()d file, is left unchanged. The interpreter
    named by interpreter must not itself be an interpreter
    file. (See script(7) for a
    detailed discussion of interpreter file execution.)
The argument argv is a pointer to a null-terminated array of character pointers to null-terminated character strings. These strings construct the argument list to be made available to the new process. At least one argument must be present in the array; by custom, the first element should be the name of the executed program (for example, the last component of path).
The argument envp is also a pointer to a null-terminated array of character pointers to null-terminated strings. A pointer to this array is normally stored in the global variable environ. These strings pass information to the new process that is not directly an argument to the command (see environ(7)).
File descriptors open in the calling process image remain open in
    the new process image, except for those for which the close-on-exec flag is
    set (see close(2) and
    fcntl(2)). Descriptors that
    remain open are unaffected by execve().
In the case of a new setuid or setgid executable being executed, if file descriptors 0, 1, or 2 (representing stdin, stdout, and stderr) are currently unallocated, these descriptors will be opened to point to some system file like /dev/null. The intent is to ensure these descriptors are not unallocated, since many libraries make assumptions about the use of these 3 file descriptors.
Signals set to be ignored in the calling process are set to be ignored in the new process. Signals which are set to be caught in the calling process image are set to default action in the new process image. Blocked signals remain blocked regardless of changes to the signal action. The signal stack is reset to be undefined (see sigaction(2) for more information).
If the set-user-ID mode bit of the new process image file is set
    (see chmod(2)), the effective
    user ID of the new process image is set to the owner ID of the new process
    image file. If the set-group-ID mode bit of the new process image file is
    set, the effective group ID of the new process image is set to the group ID
    of the new process image file. (The effective group ID is the first element
    of the group list.) The real user ID, real group ID and other group IDs of
    the new process image remain the same as the calling process image. After
    any set-user-ID and set-group-ID processing, the effective user ID is
    recorded as the saved set-user-ID, and the effective group ID is recorded as
    the saved set-group-ID. These values may be used in changing the effective
    IDs later (see setuid(2)). The
    set-ID bits are not honored if the respective file system has the
    nosuid option enabled or if the new process file is
    an interpreter file. Syscall tracing is disabled if effective IDs are
    changed.
The new process also inherits the following attributes from the calling process:
| process ID | see getpid(2) | 
| parent process ID | see getppid(2) | 
| process group ID | see getpgrp(2) | 
| access groups | see getgroups(2) | 
| working directory | see chdir(2) | 
| root directory | see chroot(2) | 
| control terminal | see termios(4) | 
| resource usages | see getrusage(2) | 
| interval timers | see getitimer(2) | 
| resource limits | see getrlimit(2) | 
| file mode mask | see umask(2) | 
| signal mask | see sigaction(2), sigprocmask(2) | 
When a program is executed as a result of an
    execve() system call, it is entered as follows:
main(argc, argv, envp) int argc; char **argv, **envp;
where argc is the number of elements in argv (the “arg count”) and argv points to the array of character pointers to the arguments themselves.
The fexecve() function ignores the file
    offset of fd. Since execute permission is checked by
    fexecve(), the file descriptor
    fd need not have been opened with the
    O_EXEC flag. However, if the file to be executed
    denies read permission for the process preparing to do the exec, the only
    way to provide the fd to
    fexecve() is to use the
    O_EXEC flag when opening fd.
    Note that the file to be executed can not be open for writing.
execve() system call overlays the current process
  image with a new process image the successful call has no process to return
  to. If execve() does return to the calling process an
  error has occurred; the return value will be -1 and the global variable
  errno is set to indicate the error.
execve() system call will fail and return to the
  calling process if:
E2BIG]NCARGS in
      ⟨sys/param.h⟩ and get be read from
      the sysctl(3) MIB variable
      KERN_ARGMAX.EACCES]MNT_NOEXEC in
      ⟨sys/mount.h⟩).EAGAIN]EFAULT]EIO]ELOOP]ENAMETOOLONG]NAME_MAX}
      characters, or an entire path name exceeded
      {PATH_MAX} characters.ENOENT]#! and the script interpreter does
      not exist.ENOEXEC]ENOMEM]ENOTDIR]ETXTBSY]In addition, the fexecve() will fail and
    return to the calling process if:
EBADF]execve() system call conforms to
  IEEE Std 1003.1-2001 (“POSIX.1”). with
  the exception of reopening descriptors 0, 1, and/or 2 in certain
  circumstances. A future update of the Standard is expected to require this
  behavior, and it may become the default for non-privileged processes as well.
  The support for executing interpreted programs is an extension. The
  fexecve() system call conforms to The Open Group
  Extended API Set 2 specification.
execve() function call first appeared in
  Version 7 AT&T UNIX. The
  fexecve() system call appeared in
  NetBSD 10.0.
| September 16, 2019 | NetBSD 10.0 |