EXECVE

Section: Linux Programmer's Manual (2)
Updated: 4 April 2000
 

NAME

execve, execve_secure - execute a program  

SYNOPSIS

#include <unistd.h>

int execve (const char *filename, char *const argv [], char *const envp[]);

#include <proc_secure.h>

int execve_secure (const char *filename, char *const argv [], char *const envp[], security_id_t sid);

DESCRIPTION

execve() executes the program pointed to by filename. filename must be either a binary executable, or a script starting with a line of the form "#! interpreter [arg]". In the latter case, the interpreter must be a valid pathname for an executable which is not itself a script, which will be invoked as interpreter [arg] filename if the security policy will allow it.

execve_secure() is the same as execve except that it has an additional security identifier (SID) parameter. On success the process will be executing in the security context associated with that SID. A call to execve() may also cause a SID transition. A default transition is calculated based on the current SID of the process and the SID of the program being executed.

execve() does not return on success, and the text, data, bss, and stack of the calling process are overwritten by that of the program loaded. The program invoked inherits the calling process's PID, and any open file descriptors that are not set to close on exec or invalidated by the security policy because of a SID transition. Signals pending on the parent process are cleared. Any signals set to be caught by the calling process are reset to their default behaviour.
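The descriptor inheritance described above can be audited before calling execve(). The following is an added example, not part of the original manual page; survives_exec() and seal_fds() are hypothetical helper names, and the listing of open descriptors relies on the Linux-specific /proc/self/fd directory.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Added example; function names are illustrative, not a system API.
 * Return 1 if fd is open and would be inherited across execve()
 * (FD_CLOEXEC clear), 0 if it is close-on-exec, -1 if fd is not open. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Set FD_CLOEXEC on every inheritable descriptor >= lowfd so that it is
 * not passed to the next program. Descriptors below lowfd (normally the
 * standard streams 0..2) are left untouched.
 * Returns the number of descriptors changed, or -1 on error. */
int seal_fds(int lowfd)
{
    DIR *d = opendir("/proc/self/fd");
    if (d == NULL)
        return -1;

    int changed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *endp;
        long fd = strtol(e->d_name, &endp, 10);
        if (endp == e->d_name || *endp != '\0')
            continue;                      /* skips "." and ".." */
        if (fd < lowfd || fd == dirfd(d))
            continue;                      /* skip the listing's own fd */
        int flags = fcntl((int)fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;                      /* closed or already sealed */
        if (fcntl((int)fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
            closedir(d);
            return -1;
        }
        changed++;
    }
    closedir(d);
    return changed;
}
```

Opening files with O_CLOEXEC in the first place avoids the window between open() and a later seal_fds() call in multi-threaded programs.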

If the current program is being ptraced, a SIGTRAP is sent to it after a successful execve().

If the executable is an a.out dynamically-linked binary executable containing shared-library stubs, the Linux dynamic linker ld.so(8) is called at the start of execution to bring needed shared libraries into core and link the executable with them. The security policy must allow the process to execute from that shared library.

If the executable is a dynamically-linked ELF executable, the interpreter named in the PT_INTERP segment is used to load the needed shared libraries. This interpreter is typically /lib/ld-linux.so.1 for binaries linked with the Linux libc version 5, or /lib/ld-linux.so.2 for binaries linked with the GNU libc version 2. Appropriate permission checking is done to ensure that the interpreter can be executed. If that check fails, the call fails.

 

RETURN VALUE

On success, execve() does not return; on error, -1 is returned and errno is set appropriately.

ERRORS

EACCES
The file or a script interpreter is not a regular file.
EACCES
Execute permission is denied for the file or a script interpreter.
EACCES
The file system is mounted noexec.
EPERM
The file system is mounted nosuid, the user is not the superuser, and the file has an SUID or SGID bit set.
EPERM
The process is being traced, the user is not the superuser and the file has an SUID or SGID bit set.
E2BIG
The argument list is too big.
ENOEXEC
An executable is not in a recognised format, is for the wrong architecture, or has some other format error that means it cannot be executed.
EFAULT
filename points outside your accessible address space.
ENAMETOOLONG
filename is too long.
ENOENT
The file filename or a script or ELF interpreter does not exist.
ENOMEM
Insufficient kernel memory was available.
ENOTDIR
A component of the path prefix of filename or a script or ELF interpreter is not a directory.
EACCES
Search permission is denied on a component of the path prefix of filename or the name of a script interpreter.
ELOOP
Too many symbolic links were encountered in resolving filename or the name of a script or ELF interpreter.
ETXTBSY
Executable was open for writing by one or more processes.
EIO
An I/O error occurred.
ENFILE
The limit on the total number of files open on the system has been reached.
EMFILE
The process has the maximum number of files open.
EINVAL
An ELF executable had more than one PT_INTERP segment (i.e., tried to name more than one interpreter).
EISDIR
An ELF interpreter was a directory.
ELIBBAD
An ELF interpreter was not in a recognised format.
 

CONFORMING TO

SVr4, SVID, X/OPEN, BSD 4.3. POSIX does not document the #! behavior but is otherwise compatible. SVr4 documents additional error conditions EAGAIN, EINTR, ELIBACC, ENOLINK, EMULTIHOP; POSIX does not document ETXTBSY, EPERM, EFAULT, ELOOP, EIO, ENFILE, EMFILE, EINVAL, EISDIR or ELIBBAD error conditions.  

NOTES

SUID and SGID processes can not be ptrace()d.

A maximum line length of 127 characters is allowed for the first line in a #! executable shell script.

Linux ignores the SUID and SGID bits on scripts. SID transitions may not occur if the new program is a script.
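The "#! interpreter [arg]" rules from DESCRIPTION and the 127-character limit above can be checked in user space before a script is installed or executed. This is an added example, not code from the original manual page or the kernel; parse_shebang() and check_script() are hypothetical names, and the text after the interpreter is kept as a single argument, as Linux passes it.

```c
#include <stdio.h>
#include <string.h>

#define SHEBANG_MAX 127  /* first-line limit stated in NOTES */
enum sb_rc { SB_OK, SB_NOT_SCRIPT, SB_TOO_LONG, SB_NO_INTERP, SB_NESTED, SB_IO };

static int blank(char c) { return c == ' ' || c == '\t'; }

/* Added example; names are illustrative. Split "#! interpreter [arg]" held
 * in buf[0..len). interp and arg must each hold SHEBANG_MAX+1 bytes. */
enum sb_rc parse_shebang(const char *buf, size_t len, char *interp, char *arg)
{
    if (len < 2 || buf[0] != '#' || buf[1] != '!')
        return SB_NOT_SCRIPT;
    const char *nl = memchr(buf, '\n', len);
    size_t n = nl ? (size_t)(nl - buf) : len;
    if (n > SHEBANG_MAX)
        return SB_TOO_LONG;
    const char *p = buf + 2, *end = buf + n;
    while (p < end && blank(*p)) p++;          /* spaces after "#!" */
    const char *q = p;
    while (q < end && !blank(*q)) q++;         /* interpreter path */
    if (q == p) return SB_NO_INTERP;
    memcpy(interp, p, (size_t)(q - p));
    interp[q - p] = '\0';
    while (q < end && blank(*q)) q++;          /* gap before the argument */
    while (end > q && blank(end[-1])) end--;   /* trailing blanks */
    memcpy(arg, q, (size_t)(end - q));         /* "" when no argument */
    arg[end - q] = '\0';
    return SB_OK;
}

/* Parse the first line of the file at path, then reject an interpreter
 * that is itself a "#!" script. */
enum sb_rc check_script(const char *path, char *interp, char *arg)
{
    char head[SHEBANG_MAX + 2], ihead[2];
    FILE *f = fopen(path, "rb");
    if (!f) return SB_IO;
    size_t len = fread(head, 1, sizeof head, f);
    fclose(f);
    enum sb_rc rc = parse_shebang(head, len, interp, arg);
    if (rc != SB_OK) return rc;
    if (!(f = fopen(interp, "rb"))) return SB_IO;
    len = fread(ihead, 1, sizeof ihead, f);
    fclose(f);
    return (len == 2 && ihead[0] == '#' && ihead[1] == '!') ? SB_NESTED : SB_OK;
}
```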

 

SEE ALSO

ld.so(8), execl(3), fork(2), getsecsid(2), getosecsid(2)


 


This document was created by man2html, using the manual pages.
Time: 17:08:26 GMT, December 18, 2000