What does execve() do?

c++ c linux execve

21,768

Solution 1

Correct usage is

extern char * const environ[];
char * const command[] = {"nc", "-l", "-p", "porthere", "-e", "/bin/sh", NULL};
execve("/usr/bin/nc", command, environ);

You must use a full pathname, not a short name such as "nc" (more precisely: no PATH search is done, the pathname must be an actual existing file), and you must split arguments into separate strings beforehand. You also need to propagate the environment somehow, either via the extern environ mentioned in the above snippet or as obtained from the third parameter of main(); the latter is slightly more standards-blessed but may be more painful to pass around as needed.

Solution 2

execve asks the operating system to start executing a different program in the current process.

Chances are pretty decent that you want execvp or execlp instead -- you haven't mentioned anything about wanting to provide the environment for the child, but from the looks of things you probably do want the path searched to find the executable you're using.

21,768

Author by

Nosrettap

I recently graduated from Duke University as a computer science and economics double major. I am now working full time as a software developer. I am proficient in Objective-C and Java, and I know (to some degree) C, C++, Python, Perl, SML, Assembly, HTML, CSS, JavaScript.

Updated on October 10, 2022

Comments

Nosrettap over 1 year
What exactly does execve() do? I've tried looking at the documentation (http://linux.die.net/man/2/execve) but given that I'm very new to linux and this sort of programming it doesn't make a lot of sense. What I want to do is be able to execute this command:
```
nc -l -p someport -e /bin/sh
```
Can I do something like the following (where someport is a number such as 4444)
```
char *command[2];
command[0] = "nc -l -p someport -e /bin/sh"
execve(command[0], name, NULL);
```
Nosrettap about 12 years

Am I correct in assuming there should be a comma after "porthere"?
geekosaur about 12 years

Sorry, yes, that was a typo. Fixing.
Alexandre Holden Daly about 10 years

the answer below is so much better
peachykeen almost 2 years

This is not fully correct. fork or clone create a new "child" process from a "parent" process. execve replaces the current context of a process with a new one (without creating a new process). There currently (as far as I am aware) is no single syscall in Linux that both spawns a new process and executes a new program in this process---you need at least 2 syscalls.
peachykeen almost 2 years

my comment is mostly about the terminology: "replaces the current process with a new process". The man page states the following: One sometimes sees execve() (and the related functions described in exec(3)) described as "executing a new process" (or similar). This is a highly misleading description: there is no new process; many attributes of the calling process remain unchanged (in particular, its PID). All that execve() does is arrange for an existing process (the calling process) to execute a new program.
Jerry Coffin almost 2 years

@peachykeen: Fair enough--I've edited (though I entertain some doubts about its importance--somebody asking about the basic idea of what exec* is unlikely to care about details at this level).