What does execve() do?
Solution 1
Correct usage is
#include <unistd.h>      /* execve() */
extern char **environ;   /* POSIX declares environ as a pointer, not an array */
char * const command[] = {"nc", "-l", "-p", "porthere", "-e", "/bin/sh", NULL};
execve("/usr/bin/nc", command, environ);
You must use a full pathname, not a short name such as "nc" (more precisely: no PATH search is done, the pathname must be an actual existing file), and you must split arguments into separate strings beforehand. You also need to propagate the environment somehow, either via the extern environ mentioned in the above snippet or as obtained from the third parameter of main(); the latter is slightly more standards-blessed but may be more painful to pass around as needed.
Solution 2
execve asks the operating system to start executing a different program in the current process.
Chances are pretty decent that you want execvp or execlp instead -- you haven't mentioned anything about wanting to provide the environment for the child, but from the looks of things you probably do want the path searched to find the executable you're using.
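The points made in the two answers (no PATH search, arguments already split, environment passed explicitly, same process after the call), as an added example that is not part of either answer. It runs /bin/sh with harmless test commands; the names spawn, pid_survives_exec, env_not_inherited, bare_name_fails, EXPECT_PID and PARENT_ONLY are made up for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* fork(), then execve() `path` in the child with exactly `argv`. The child's
 * environment is only EXPECT_PID=<its pid>; nothing else is inherited.
 * Returns the exit status, 127 if execve() failed, -1 on fork/wait error. */
static int spawn(const char *path, char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char pidvar[64];
        snprintf(pidvar, sizeof pidvar, "EXPECT_PID=%ld", (long)getpid());
        char *const envp[] = { pidvar, NULL }; /* explicit, minimal environment */
        execve(path, argv, envp);              /* returns only on failure */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* 0 if the shell's $$ equals the PID recorded before execve(): same process. */
static int pid_survives_exec(void) {
    char *const argv[] = { "sh", "-c", "[ \"$$\" = \"$EXPECT_PID\" ]", NULL };
    return spawn("/bin/sh", argv);
}

/* 0 if a variable set in the parent is absent once envp is passed explicitly. */
static int env_not_inherited(void) {
    char *const argv[] = { "sh", "-c", "[ -z \"${PARENT_ONLY+x}\" ]", NULL };
    setenv("PARENT_ONLY", "1", 1);
    return spawn("/bin/sh", argv);
}

/* 127: execve() does no PATH search, so a bare "sh" fails (unless ./sh exists). */
static int bare_name_fails(void) {
    char *const argv[] = { "sh", "-c", "exit 0", NULL };
    return spawn("sh", argv);
}

int main(void) {
    printf("%d %d %d\n", pid_survives_exec(), env_not_inherited(), bare_name_fails());
}
```

Passing a fixed absolute path and a hand-built envp is also what keeps a caller's PATH or other inherited variables from influencing which program runs and how.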
Updated on October 10, 2022
Comments
-
Nosrettap over 1 year
What exactly does execve() do? I've tried looking at the documentation (http://linux.die.net/man/2/execve) but given that I'm very new to linux and this sort of programming it doesn't make a lot of sense. What I want to do is be able to execute this command:
nc -l -p someport -e /bin/sh
Can I do something like the following (where someport is a number such as 4444)
char *command[2];
command[0] = "nc -l -p someport -e /bin/sh";
execve(command[0], name, NULL);
-
Nosrettap about 12 years
Am I correct in assuming there should be a comma after "porthere"?
-
geekosaur about 12 years
Sorry, yes, that was a typo. Fixing.
-
Alexandre Holden Daly about 10 years
The answer below is so much better
-
peachykeen almost 2 years
This is not fully correct. fork or clone create a new "child" process from a "parent" process. execve replaces the current context of a process with a new one (without creating a new process). There currently (as far as I am aware) is no single syscall in Linux that both spawns a new process and executes a new program in this process---you need at least 2 syscalls.
-
peachykeen almost 2 years
My comment is mostly about the terminology: "replaces the current process with a new process". The man page states the following: One sometimes sees execve() (and the related functions described in exec(3)) described as "executing a new process" (or similar). This is a highly misleading description: there is no new process; many attributes of the calling process remain unchanged (in particular, its PID). All that execve() does is arrange for an existing process (the calling process) to execute a new program.
-
Jerry Coffin almost 2 years
@peachykeen: Fair enough--I've edited (though I entertain some doubts about its importance--somebody asking about the basic idea of what exec* is unlikely to care about details at this level).