Print this page
5798 fexecve() needed per POSIX 2008
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/man/man2/exec.2
+++ new/usr/src/man/man2/exec.2
1 -'\" te
1 +.\" Copyright 2014 Garrett D'Amore <garrett@damore.org>
2 2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
3 3 .\" Copyright 1989 AT&T.
4 4 .\" Portions Copyright (c) 1992, X/Open Company Limited. All Rights Reserved.
5 5 .\" Sun Microsystems, Inc. gratefully acknowledges The Open Group for permission to reproduce portions of its copyrighted documentation. Original documentation from The Open Group can be obtained online at
6 6 .\" http://www.opengroup.org/bookstore/.
7 7 .\" The Institute of Electrical and Electronics Engineers and The Open Group, have given us permission to reprint portions of their documentation. In the following statement, the phrase "this text" refers to portions of the system documentation. Portions of this text are reprinted and reproduced in electronic form in the Sun OS Reference Manual, from IEEE Std 1003.1, 2004 Edition, Standard for Information Technology -- Portable Operating System Interface (POSIX), The Open Group Base Specifications Issue 6, Copyright (C) 2001-2004 by the Institute of Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between these versions and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at http://www.opengroup.org/unix/online.html.
8 8 .\" This notice shall appear on any product containing this material.
9 9 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
10 10 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
11 11 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
12 -.TH EXEC 2 "Jun 16, 2008"
13 -.SH NAME
14 -exec, execl, execle, execlp, execv, execve, execvp \- execute a file
15 -.SH SYNOPSIS
16 -.LP
17 -.nf
18 -#include <unistd.h>
19 -
20 -\fBint\fR \fBexecl\fR(\fBconst char *\fR\fIpath\fR, \fBconst char *\fR\fIarg0\fR, \fB\&...
21 - /* const char *\fR\fIargn\fR, \fB(char *)0 */);\fR
22 -.fi
23 -
24 -.LP
25 -.nf
26 -\fBint\fR \fBexecv\fR(\fBconst char *\fR\fIpath\fR, \fBchar *const\fR \fIargv[]\fR);
27 -.fi
28 -
29 -.LP
30 -.nf
31 -\fBint\fR \fBexecle\fR(\fBconst char *\fR\fIpath\fR, \fBconst char *\fR\fIarg0\fR, \fB\&...
32 - /* const char *\fR\fIargn\fR, \fB(char *)0\fR,\fBchar *const\fR \fIenvp\fR[]*/);
33 -.fi
34 -
35 -.LP
36 -.nf
37 -\fBint\fR \fBexecve\fR(\fBconst char *\fR\fIpath\fR, \fBchar *const\fR \fIargv[]\fR,
38 - \fBchar *const\fR \fIenvp[]\fR);
39 -.fi
40 -
41 -.LP
42 -.nf
43 -\fBint\fR \fBexeclp\fR(\fBconst char *\fR\fIfile\fR, \fBconst char *\fR\fIarg0\fR, \fB\&...
44 - /* const char *\fR\fIargn\fR, \fB(char *)0 */);\fR
45 -.fi
46 -
47 -.LP
48 -.nf
49 -\fBint\fR \fBexecvp\fR(\fBconst char *\fR\fIfile\fR, \fBchar *const\fR \fIargv[]\fR);
50 -.fi
51 -
52 -.SH DESCRIPTION
53 -.sp
54 -.LP
55 -Each of the functions in the \fBexec\fR family replaces the current process
56 -image with a new process image. The new image is constructed from a regular,
57 -executable file called the \fBnew process image file\fR. This file is either an
12 +.Dd Sep 19, 2014
13 +.Dt EXEC 2
14 +.Os
15 +.Sh NAME
16 +.Nm exec ,
17 +.Nm execl ,
18 +.Nm execle ,
19 +.Nm execlp ,
20 +.Nm execv ,
21 +.Nm execve ,
22 +.Nm execvp ,
23 +.Nm fexecve
24 +.Nd execute a file
25 +.Sh SYNOPSIS
26 +.In unistd.h
27 +.
28 +.Ft int
29 +.Fo execl
30 +.Fa "const char *path"
31 +.Fa "const char *arg0"
32 +.Fa "... /* const char *argn, (char *)0 */"
33 +.Fc
34 +.
35 +.Ft int
36 +.Fo execv
37 +.Fa "const char *path"
38 +.Fa "char *const argv[]"
39 +.Fc
40 +.
41 +.Ft int
42 +.Fo execle
43 +.Fa "const char *path"
44 +.Fa "const char *arg0"
45 +.Fa "... /* const char *argn, (char *)0, char *const envp[] */"
46 +.Fc
47 +.
48 +.Ft int
49 +.Fo execve
50 +.Fa "const char *path"
51 +.Fa "char *const argv[]"
52 +.Fa "char *const envp[]"
53 +.Fc
54 +.
55 +.Ft int
56 +.Fo execlp
57 +.Fa "const char *file"
58 +.Fa "const char *arg0"
59 +.Fa "... /* const char *argn, (char *)0 */"
60 +.Fc
61 +.
62 +.Ft int
63 +.Fo execvp
64 +.Fa "const char *file"
65 +.Fa "char *const argv[]"
66 +.Fc
67 +.
68 +.Ft int
69 +.Fo fexecve
70 +.Fa "int fd"
71 +.Fa "char *const argv[]"
72 +.Fa "char *const envp[]"
73 +.Fc
74 +.Sh DESCRIPTION
75 +Each of the functions in the
76 +.Nm exec
77 +family replaces the current process image with a new process image.
78 +The new image is constructed from a regular, executable file called the
79 +.Em new process image file .
80 +This file is either an
58 81 executable object file or a file of data for an interpreter. There is no return
59 82 from a successful call to one of these functions because the calling process
60 83 image is overlaid by the new process image.
61 -.sp
62 -.LP
84 +.Lp
63 85 An interpreter file begins with a line of the form
64 -.sp
65 -.in +2
66 -.nf
67 -#! pathname [\fIarg\fR]
68 -.fi
69 -.in -2
70 -
71 -.sp
72 -.LP
73 -where \fIpathname\fR is the path of the interpreter, and \fIarg\fR is an
74 -optional argument. When an interpreter file is executed, the system invokes the
75 -specified interpreter. The pathname specified in the interpreter file is passed
76 -as \fIarg0\fR to the interpreter. If \fIarg\fR was specified in the interpreter
77 -file, it is passed as \fIarg1\fR to the interpreter. The remaining arguments to
78 -the interpreter are \fIarg0\fR through \fIargn\fR of the originally exec'd
79 -file. The interpreter named by \fIpathname\fR must not be an interpreter file.
80 -.sp
81 -.LP
86 +.Lp
87 +.Dl #! pathname Op Ar arg
88 +.Lp
89 +where
90 +.Ar pathname
91 +is the path of the interpreter, and
92 +.Ar arg
93 +is an optional argument.
94 +When an interpreter file is executed, the system invokes the
95 +specified interpreter.
96 +The pathname specified in the interpreter file is passed as
97 +.Fa arg0
98 +to the interpreter.
99 +If
100 +.Ar arg
101 +was specified in the interpreter file, it is passed as
102 +.Fa arg1
103 +to the interpreter.
104 +The remaining arguments to
105 +the interpreter are
106 +.Fa arg0
107 +through
108 +.Fa argn
109 +of the originally exec'd file.
110 +The interpreter named by
111 +.Ar pathname
112 +must not be an interpreter file.
113 +.Lp
82 114 When a C-language program is executed as a result of this call, it is entered
83 115 as a C-language function call as follows:
84 -.sp
85 -.in +2
86 -.nf
87 -int main (int argc, char *argv[]);
88 -.fi
89 -.in -2
90 -
91 -.sp
92 -.LP
93 -where \fIargc\fR is the argument count and \fIargv\fR is an array of character
94 -pointers to the arguments themselves. In addition, the following variable:
95 -.sp
96 -.in +2
97 -.nf
98 -extern char **environ;
99 -.fi
100 -.in -2
101 -
102 -.sp
103 -.LP
116 +.Lp
117 +.Dl Ft int Fn main "int argc" "char *argv[]"
118 +.Lp
119 +where
120 +.Fa argc
121 +is the argument count and
122 +.Fa argv
123 +is an array of character pointers to the arguments themselves.
124 +In addition, the following variable:
125 +.Lp
126 +.Dl Vt "extern char **" Ns Va environ ;
127 +.Lp
104 128 is initialized as a pointer to an array of character pointers to the
105 -environment strings. The \fIargv\fR and \fIenviron\fR arrays are each
106 -terminated by a null pointer. The null pointer terminating the \fIargv\fR array
107 -is not counted in \fIargc\fR.
108 -.sp
109 -.LP
110 -The value of \fIargc\fR is non-negative, and if greater than 0, \fIargv\fR[0]
111 -points to a string containing the name of the file. If \fIargc\fR is 0,
112 -\fIargv\fR[0] is a null pointer, in which case there are no arguments.
113 -Applications should verify that \fIargc\fR is greater than 0 or that
114 -\fIargv\fR[0] is not a null pointer before dereferencing \fIargv\fR[0].
115 -.sp
116 -.LP
117 -The arguments specified by a program with one of the \fBexec\fR functions are
118 -passed on to the new process image in the \fBmain()\fR arguments.
119 -.sp
120 -.LP
121 -The \fIpath\fR argument points to a path name that identifies the new process
122 -image file.
123 -.sp
124 -.LP
125 -The \fIfile\fR argument is used to construct a pathname that identifies the new
126 -process image file. If the \fIfile\fR argument contains a slash character, it
127 -is used as the pathname for this file. Otherwise, the path prefix for this file
128 -is obtained by a search of the directories passed in the \fBPATH\fR environment
129 -variable (see \fBenviron\fR(5)). The environment is supplied typically by the
130 -shell. If the process image file is not a valid executable object file,
131 -\fBexeclp()\fR and \fBexecvp()\fR use the contents of that file as standard
132 -input to the shell. In this case, the shell becomes the new process image. The
133 -standard to which the caller conforms determines which shell is used. See
134 -\fBstandards\fR(5).
135 -.sp
136 -.LP
137 -The arguments represented by \fIarg0\fR\&.\|.\|. are pointers to
138 -null-terminated character strings. These strings constitute the argument list
139 -available to the new process image. The list is terminated by a null pointer.
140 -The \fIarg0\fR argument should point to a filename that is associated with the
141 -process being started by one of the \fBexec\fR functions.
142 -.sp
143 -.LP
144 -The \fIargv\fR argument is an array of character pointers to null-terminated
145 -strings. The last member of this array must be a null pointer. These strings
146 -constitute the argument list available to the new process image. The value in
147 -\fIargv\fR[0] should point to a filename that is associated with the process
148 -being started by one of the \fBexec\fR functions.
149 -.sp
150 -.LP
151 -The \fIenvp\fR argument is an array of character pointers to null-terminated
152 -strings. These strings constitute the environment for the new process image.
153 -The \fIenvp\fR array is terminated by a null pointer. For \fBexecl()\fR,
154 -\fBexecv()\fR, \fBexecvp()\fR, and \fBexeclp()\fR, the C-language run-time
129 +environment strings.
130 +The
131 +.Fa argv
132 +and
133 +.Va environ
134 +arrays are each terminated by a null pointer.
135 +The null pointer terminating the
136 +.Fa argv
137 +array is not counted in
138 +.Fa argc .
139 +.Lp
140 +The value of
141 +.Fa argc
142 +is non-negative, and if greater than 0,
143 +.Fa argv Ns [0]
144 +points to a string containing the name of the file.
145 +If
146 +.Fa argc
147 +is 0,
148 +.Fa argv Ns [0]
149 +is a null pointer, in which case there are no arguments.
150 +Applications should verify that
151 +.Fa argc
152 +is greater than 0 or that
153 +.Fa argv Ns [0]
154 +is not a null pointer before dereferencing
155 +.Fa argv Ns [0] .
156 +.Lp
157 +The arguments specified by a program with one of the
158 +.Nm exec
159 +functions are passed on to the new process image in the
160 +Fn main
161 +arguments.
162 +.Lp
163 +The
164 +.Fa path
165 +argument points to a path name that identifies the new process image file.
166 +.Lp
167 +The
168 +.Fa file
169 +argument is used to construct a pathname that identifies the new
170 +process image file.
171 +If the
172 +.Fa file
173 +argument contains a slash character, it is used as the pathname for this file.
174 +Otherwise, the path prefix for this file is obtained by a search of the
175 +directories passed in the
176 +.Ev PATH
177 +environment variable.
178 +See
179 +.Xr environ 5 .
180 +The environment is supplied typically by the shell.
181 +If the process image file is not a valid executable object file,
182 +.Fn execlp
183 +and
184 +.Fn execvp
185 +use the contents of that file as standard input to the shell.
186 +In this case, the shell becomes the new process image.
187 +The standard to which the caller conforms determines which shell is used.
188 +See
189 +.Xr standards 5 .
190 +.Lp
191 +The
192 +.Fn fexecve
193 +function is equivalent to
194 +.Fn execve ,
195 +except that instead of using a named file, the file referenced by
196 +the file descriptor
197 +.Fa fd
198 +is used. Note that this file descriptor must reference a regular
199 +file and must have been opened for execute
200 +.Po with
201 +Dv O_EXEC ,
202 +defined in
203 +.In fcntl.h .
204 +.Pc
205 +The image is loaded from offset zero of the file, regardless of
206 +the offset of
207 +.Fa fd .
208 +.Lp
209 +The arguments represented by
210 +.Fa arg0 Ns "..."
211 +are pointers to null-terminated character strings.
212 +These strings constitute the argument list available to the new process image.
213 +The list is terminated by a null pointer.
214 +The
215 +.Fa arg0
216 +argument should point to a filename that is associated with the
217 +process being started by one of the
218 +.Nm exec
219 +functions.
220 +.Lp
221 +The
222 +.Fa argv
223 +argument is an array of character pointers to null-terminated strings.
224 +The last member of this array must be a null pointer.
225 +These strings constitute the argument list available to the new process image.
226 +The value in
227 +.Fa argv Ns [0]
228 +should point to a filename that is associated with the process
229 +being started by one of the
230 +.Nm exec
231 +functions.
232 +.Lp
233 +The
234 +.Fa envp
235 +argument is an array of character pointers to null-terminated strings.
236 +These strings constitute the environment for the new process image.
237 +The
238 +.Fa envp
239 +array is terminated by a null pointer.
240 +For
241 +.Fn execl , execv , execvp ,
242 +and
243 +.Fn execlp ,
244 +the C-language run-time
155 245 start-off routine places a pointer to the environment of the calling process in
156 -the global object \fBextern char **environ\fR, and it is used to pass the
246 +the global object
247 +.Va environ ,
248 +and it is used to pass the
157 249 environment of the calling process to the new process image.
158 -.sp
159 -.LP
250 +.Lp
160 251 The number of bytes available for the new process's combined argument and
161 -environment lists is \fBARG_MAX\fR. It is implementation-dependent whether null
252 +environment lists is
253 +.Dv ARG_MAX .
254 +It is implementation-dependent whether null
162 255 terminators, pointers, and/or any alignment bytes are included in this total.
163 -.sp
164 -.LP
256 +.Lp
165 257 File descriptors open in the calling process image remain open in the new
166 -process image, except for those whose close-on-exec flag \fBFD_CLOEXEC\fR is
167 -set; see \fBfcntl\fR(2). For those file descriptors that remain open, all
258 +process image, except for those whose close-on-exec flag
259 +.Dv FD_CLOEXEC
260 +is set; see
261 +.Xr fcntl 2 .
262 +For those file descriptors that remain open, all
168 263 attributes of the open file description, including file locks, remain
169 264 unchanged.
170 -.sp
171 -.LP
172 -The preferred hardware address translation size (see \fBmemcntl\fR(2)) for the
265 +.Lp
266 +The preferred hardware address translation size
267 +.Pq see Xr memcntl 2
268 +for the
173 269 stack and heap of the new process image are set to the default system page
174 270 size.
175 -.sp
176 -.LP
271 +.Lp
177 272 Directory streams open in the calling process image are closed in the new
178 273 process image.
179 -.sp
180 -.LP
274 +.Lp
181 275 The state of conversion descriptors and message catalogue descriptors in the
182 276 new process image is undefined. For the new process, the equivalent of:
183 -.sp
184 -.in +2
185 -.nf
186 -setlocale(LC_ALL, "C")
187 -.fi
188 -.in -2
189 -
190 -.sp
191 -.LP
277 +.Lp
278 +.Dl Fn setlocale LC_ALL \("C" ;
279 +.Lp
192 280 is executed at startup.
193 -.sp
194 -.LP
195 -Signals set to the default action (\fBSIG_DFL\fR) in the calling process image
196 -are set to the default action in the new process image (see \fBsignal\fR(3C)).
197 -Signals set to be ignored (\fBSIG_IGN\fR) by the calling process image are set
198 -to be ignored by the new process image. Signals set to be caught by the calling
199 -process image are set to the default action in the new process image (see
200 -\fBsignal.h\fR(3HEAD)). After a successful call to any of the \fBexec\fR
201 -functions, alternate signal stacks are not preserved and the \fBSA_ONSTACK\fR
281 +.Lp
282 +Signals set to the default action
283 +.Pq Dv BSIG_DFL
284 +in the calling process image
285 +are set to the default action in the new process image
286 +.Pq see Xr signal 3C .
287 +Signals set to be ignored
288 +.Pq Dv SIG_IGN
289 +by the calling process image are set to be ignored by the new process image.
290 +Signals set to be caught by the calling
291 +process image are set to the default action in the new process image
292 +.Pq see Xr signal.h 3HEAD .
293 +After a successful call to any of the
294 +.Nm exec
295 +functions, alternate signal stacks are not preserved and the
296 +.Dv SA_ONSTACK
202 297 flag is cleared for all signals.
203 -.sp
204 -.LP
205 -After a successful call to any of the \fBexec\fR functions, any functions
206 -previously registered by \fBatexit\fR(3C) are no longer registered.
207 -.sp
208 -.LP
298 +.Lp
299 +After a successful call to any of the
300 +.Nm exec
301 +functions, any functions
302 +previously registered by
303 +.Xr atexit 3C
304 +are no longer registered.
305 +.Lp
209 306 The saved resource limits in the new process image are set to be a copy of the
210 307 process's corresponding hard and soft resource limits.
211 -.sp
212 -.LP
213 -If the \fBST_NOSUID\fR bit is set for the file system containing the new
214 -process image file, then the effective user \fBID\fR and effective group
215 -\fBID\fR are unchanged in the new process image. If the set-user-\fBID\fR mode
216 -bit of the new process image file is set (see \fBchmod\fR(2)), the effective
217 -user \fBID\fR of the new process image is set to the owner \fBID\fR of the new
218 -process image file. Similarly, if the set-group-\fBID\fR mode bit of the new
219 -process image file is set, the effective group \fBID\fR of the new process
220 -image is set to the group \fBID\fR of the new process image file. The real user
221 -\fBID\fR and real group \fBID\fR of the new process image remain the same as
222 -those of the calling process image. The effective user ID and effective group
223 -ID of the new process image are saved (as the saved set-user-ID and the saved
224 -set-group-ID for use by \fBsetuid\fR(2).
225 -.sp
226 -.LP
308 +.Lp
309 +If the
310 +.Dv ST_NOSUID
311 +bit is set for the file system containing the new
312 +process image file, then the effective user ID and effective group
313 +ID are unchanged in the new process image.
314 +If the set-user-ID mode bit of the new process image file is set
315 +.Pq see Xr chmod 2 ,
316 +the effective
317 +user ID of the new process image is set to the owner ID of the new
318 +process image file.
319 +Similarly, if the set-group-ID mode bit of the new
320 +process image file is set, the effective group ID of the new process
321 +image is set to the group ID of the new process image file.
322 +The real user ID and real group ID of the new process image remain the same as
323 +those of the calling process image.
324 +The effective user ID and effective group
325 +ID of the new process image are saved
326 +.Po
327 +as the saved set-user-ID and the saved set-group-ID for use by
328 +.Xr setuid 2 Pc .
329 +.Lp
227 330 The privilege sets are changed according to the following rules:
228 -.RS +4
229 -.TP
230 -1.
331 +.Bl -enum
332 +.It
231 333 The inheritable set, I, is intersected with the limit set, L. This
232 334 mechanism enforces the limit set for processes.
233 -.RE
234 -.RS +4
235 -.TP
236 -2.
335 +.It
237 336 The effective set, E, and the permitted set, P, are made equal to the new
238 337 inheritable set.
239 -.RE
240 -.sp
241 -.LP
338 +.El
339 +.Lp
242 340 The system attempts to set the privilege-aware state to non-PA both before
243 341 performing any modifications to the process IDs and privilege sets as well as
244 342 after completing the transition to new UIDs and privilege sets, following the
245 -rules outlined in \fBprivileges\fR(5).
246 -.sp
247 -.LP
248 -If the {\fBPRIV_PROC_OWNER\fR} privilege is asserted in the effective set, the
343 +rules outlined in
344 +.Xr privileges 5 .
345 +.Lp
346 +If the
347 +.Brq Dv PRIV_PROC_OWNER
348 +privilege is asserted in the effective set, the
249 349 set-user-ID and set-group-ID bits will be honored when the process is being
250 -controlled by \fBptrace\fR(3C). Additional restriction can apply when the
251 -traced process has an effective UID of 0. See \fBprivileges\fR(5).
252 -.sp
253 -.LP
350 +controlled by
351 +.Xr ptrace 3C .
352 +Additional restrictions can apply when the
353 +traced process has an effective UID of 0.
354 +See
355 +.Xr privileges 5 .
356 +.Lp
254 357 Any shared memory segments attached to the calling process image will not be
255 -attached to the new process image (see \fBshmop\fR(2)). Any mappings
256 -established through \fBmmap()\fR are not preserved across an \fBexec\fR. Memory
358 +attached to the new process image
359 +.Pq see Xr shmop 2 .
360 +Any mappings
361 +established through
362 +.Xr mmap 2
363 +are not preserved across an
364 +.Nm exec .
365 +Memory
257 366 mappings created in the process are unmapped before the address space is
258 -rebuilt for the new process image. See \fBmmap\fR(2).
259 -.sp
260 -.LP
261 -Memory locks established by the calling process via calls to \fBmlockall\fR(3C)
262 -or \fBmlock\fR(3C) are removed. If locked pages in the address space of the
367 +rebuilt for the new process image.
368 +See
369 +.Xr mmap 2 .
370 +.Lp
371 +Memory locks established by the calling process via calls to
372 +.Xr mlockall 3C
373 +or
374 +.Xr mlock 3C
375 +are removed.
376 +If locked pages in the address space of the
263 377 calling process are also mapped into the address spaces the locks established
264 378 by the other processes will be unaffected by the call by this process to the
265 -\fBexec\fR function. If the \fBexec\fR function fails, the effect on memory
266 -locks is unspecified.
267 -.sp
268 -.LP
269 -If \fB_XOPEN_REALTIME\fR is defined and has a value other than \(mi1, any named
379 +.Nm exec
380 +function.
381 +If the
382 +.Nm exec
383 +function fails, the effect on memory locks is unspecified.
384 +.Lp
385 +If
386 +.Dv _XOPEN_REALTIME
387 +is defined and has a value other than \(mi1, any named
270 388 semaphores open in the calling process are closed as if by appropriate calls to
271 -\fBsem_close\fR(3C)
272 -.sp
273 -.LP
274 -Profiling is disabled for the new process; see \fBprofil\fR(2).
275 -.sp
276 -.LP
277 -Timers created by the calling process with \fBtimer_create\fR(3C) are deleted
389 +.Xr sem_close 3C .
390 +.Lp
391 +Profiling is disabled for the new process; see
392 +.Xr profil 2 .
393 +.Lp
394 +Timers created by the calling process with
395 +.Xr timer_create 3C
396 +are deleted
278 397 before replacing the current process image with the new process image.
279 -.sp
280 -.LP
281 -For the \fBSCHED_FIFO\fR and \fBSCHED_RR\fR scheduling policies, the policy and
282 -priority settings are not changed by a call to an \fBexec\fR function.
283 -.sp
284 -.LP
398 +.Lp
399 +For the
400 +.Dv SCHED_FIFO
401 +and
402 +.Dv SCHED_RR
403 +scheduling policies, the policy and
404 +priority settings are not changed by a call to an
405 +.Nm exec
406 +function.
407 +.Lp
285 408 All open message queue descriptors in the calling process are closed, as
286 -described in \fBmq_close\fR(3C).
287 -.sp
288 -.LP
409 +described in
410 +.Xr mq_close 3C .
411 +.Lp
289 412 Any outstanding asynchronous I/O operations may be cancelled. Those
290 413 asynchronous I/O operations that are not canceled will complete as if the
291 -\fBexec\fR function had not yet occurred, but any associated signal
292 -notifications are suppressed. It is unspecified whether the \fBexec\fR function
293 -itself blocks awaiting such I/O completion. In no event, however, will the new
294 -process image created by the \fBexec\fR function be affected by the presence of
295 -outstanding asynchronous I/O operations at the time the \fBexec\fR function is
296 -called.
297 -.sp
298 -.LP
299 -All active contract templates are cleared (see \fBcontract\fR(4)).
300 -.sp
301 -.LP
414 +.Nm exec
415 +function had not yet occurred, but any associated signal
416 +notifications are suppressed.
417 +It is unspecified whether the
418 +.Nm exec
419 +function itself blocks awaiting such I/O completion.
420 +In no event, however, will the new process image created by the
421 +.Nm exec
422 +function be affected by the presence of
423 +outstanding asynchronous I/O operations at the time the
424 +.Nm exec
425 +function is called.
426 +.Lp
427 +All active contract templates are cleared
428 +.Pq see Xr contract 4 .
429 +.Lp
302 430 The new process also inherits the following attributes from the calling
303 431 process:
304 -.RS +4
305 -.TP
306 -.ie t \(bu
307 -.el o
432 +.Bl -bullet -offset indent
433 +.It
308 434 controlling terminal
309 -.RE
310 -.RS +4
311 -.TP
312 -.ie t \(bu
313 -.el o
435 +.It
314 436 current working directory
315 -.RE
316 -.RS +4
317 -.TP
318 -.ie t \(bu
319 -.el o
320 -file-locks (see \fBfcntl\fR(2) and \fBlockf\fR(3C))
321 -.RE
322 -.RS +4
323 -.TP
324 -.ie t \(bu
325 -.el o
326 -file mode creation mask (see \fBumask\fR(2))
327 -.RE
328 -.RS +4
329 -.TP
330 -.ie t \(bu
331 -.el o
332 -file size limit (see \fBulimit\fR(2))
333 -.RE
334 -.RS +4
335 -.TP
336 -.ie t \(bu
337 -.el o
437 +.It
438 +file-locks
439 +.Po see
440 +.Xr fcntl 2
441 +and
442 +.Xr lockf 3C
443 +.Pc
444 +.It
445 +file mode creation mask
446 +.Pq see Xr umask 2
447 +.It
448 +file size limit
449 +.Pq see Xr ulimit 2
450 +.It
338 451 limit privilege set
339 -.RE
340 -.RS +4
341 -.TP
342 -.ie t \(bu
343 -.el o
344 -nice value (see \fBnice\fR(2))
345 -.RE
346 -.RS +4
347 -.TP
348 -.ie t \(bu
349 -.el o
350 -parent process \fBID\fR
351 -.RE
352 -.RS +4
353 -.TP
354 -.ie t \(bu
355 -.el o
356 -pending signals (see \fBsigpending\fR(2))
357 -.RE
358 -.RS +4
359 -.TP
360 -.ie t \(bu
361 -.el o
362 -privilege debugging flag (see \fBprivileges\fR(5) and \fBgetpflags\fR(2))
363 -.RE
364 -.RS +4
365 -.TP
366 -.ie t \(bu
367 -.el o
368 -process \fBID\fR
369 -.RE
370 -.RS +4
371 -.TP
372 -.ie t \(bu
373 -.el o
374 -process contract (see \fBcontract\fR(4) and \fBprocess\fR(4))
375 -.RE
376 -.RS +4
377 -.TP
378 -.ie t \(bu
379 -.el o
380 -process group \fBID\fR
381 -.RE
382 -.RS +4
383 -.TP
384 -.ie t \(bu
385 -.el o
386 -process signal mask (see \fBsigprocmask\fR(2))
387 -.RE
388 -.RS +4
389 -.TP
390 -.ie t \(bu
391 -.el o
392 -processor bindings (see \fBprocessor_bind\fR(2))
393 -.RE
394 -.RS +4
395 -.TP
396 -.ie t \(bu
397 -.el o
398 -processor set bindings (see \fBpset_bind\fR(2))
399 -.RE
400 -.RS +4
401 -.TP
402 -.ie t \(bu
403 -.el o
404 -project \fBID\fR
405 -.RE
406 -.RS +4
407 -.TP
408 -.ie t \(bu
409 -.el o
410 -real group \fBID\fR
411 -.RE
412 -.RS +4
413 -.TP
414 -.ie t \(bu
415 -.el o
416 -real user \fBID\fR
417 -.RE
418 -.RS +4
419 -.TP
420 -.ie t \(bu
421 -.el o
422 -resource limits (see \fBgetrlimit\fR(2))
423 -.RE
424 -.RS +4
425 -.TP
426 -.ie t \(bu
427 -.el o
452 +.It
453 +nice value
454 +.Pq see Xr nice 2
455 +.It
456 +parent process ID
457 +.It
458 +pending signals
459 +.Pq see Xr sigpending 2
460 +.It
461 +privilege debugging flag
462 +.Po see Xr privileges 5
463 +and
464 +.Xr getpflags 2
465 +.Pc
466 +.It
467 +process ID
468 +.It
469 +process contract
470 +.Po see Xr contract 4
471 +and
472 +.Xr process 4
473 +.Pc
474 +.It
475 +process group ID
476 +.It
477 +process signal mask
478 +.Pq see Xr sigprocmask 2
479 +.It
480 +processor bindings
481 +.Pq see Xr processor_bind 2
482 +.It
483 +processor set bindings
484 +.Pq see Xr pset_bind 2
485 +.It
486 +project ID
487 +.It
488 +real group ID
489 +.It
490 +real user ID
491 +.It
492 +resource limits
493 +.Pq see Xr getrlimit 2
494 +.It
428 495 root directory
429 -.RE
430 -.RS +4
431 -.TP
432 -.ie t \(bu
433 -.el o
434 -scheduler class and priority (see \fBpriocntl\fR(2))
435 -.RE
436 -.RS +4
437 -.TP
438 -.ie t \(bu
439 -.el o
440 -\fBsemadj\fR values (see \fBsemop\fR(2))
441 -.RE
442 -.RS +4
443 -.TP
444 -.ie t \(bu
445 -.el o
446 -session membership (see \fBexit\fR(2) and \fBsignal\fR(3C))
447 -.RE
448 -.RS +4
449 -.TP
450 -.ie t \(bu
451 -.el o
452 -supplementary group \fBIDs\fR
453 -.RE
454 -.RS +4
455 -.TP
456 -.ie t \(bu
457 -.el o
458 -task \fBID\fR
459 -.RE
460 -.RS +4
461 -.TP
462 -.ie t \(bu
463 -.el o
464 -time left until an alarm clock signal (see \fBalarm\fR(2))
465 -.RE
466 -.RS +4
467 -.TP
468 -.ie t \(bu
469 -.el o
470 -\fBtms_utime\fR, \fBtms_stime\fR, \fBtms_cutime\fR, and \fBtms_cstime\fR (see
471 -\fBtimes\fR(2))
472 -.RE
473 -.RS +4
474 -.TP
475 -.ie t \(bu
476 -.el o
477 -trace flag (see \fBptrace\fR(3C) request 0)
478 -.RE
479 -.sp
480 -.LP
481 -A call to any \fBexec\fR function from a process with more than one thread
496 +.It
497 +scheduler class and priority
498 +.Pq see Xr priocntl 2
499 +.It
500 +.Sy semadj
501 +values
502 +.Pq see Xr semop 2
503 +.It
504 +session membership
505 +.Po see
506 +.Xr exit 2
507 +and
508 +.Xr signal 3C
509 +.Pc
510 +.It
511 +supplementary group IDs
512 +.It
513 +task ID
514 +.It
515 +time left until an alarm clock signal
516 +.Pq see Xr alarm 2
517 +.It
518 +.Sy tms_utime , tms_stime , tms_cutime ,
519 +and
520 +.Sy tms_cstime
521 +.Pq see Xr times 2
522 +.It
523 +trace flag
524 +.Po see Xr ptrace 3C
525 +request 0
526 +.Pc
527 +.El
528 +.Lp
529 +A call to any
530 +.Nm exec
531 +function from a process with more than one thread
482 532 results in all threads being terminated and the new executable image being
483 -loaded and executed. No destructor functions will be called.
484 -.sp
485 -.LP
486 -Upon successful completion, each of the functions in the \fBexec\fR family
487 -marks for update the \fBst_atime\fR field of the file. If an \fBexec\fR
488 -function failed but was able to locate the \fBprocess image file\fR, whether
489 -the \fBst_atime\fR field is marked for update is unspecified. Should the
490 -function succeed, the process image file is considered to have been opened with
491 -\fBopen\fR(2). The corresponding \fBclose\fR(2) is considered to occur at a
533 +loaded and executed.
534 +No destructor functions will be called.
535 +.Lp
536 +Upon successful completion, each of the functions in the
537 +.Nm exec
538 +family marks for update the
539 +.Va st_atime
540 +field of the file.
541 +If an
542 +.Nm exec
543 +function failed but was able to locate the
544 +.Em process image file ,
545 +whether
546 +the
547 +.Va st_atime
548 +field is marked for update is unspecified.
549 +Should the function succeed, the process image file is considered to have
550 +been opened with
551 +.Xr open 2 .
552 +The corresponding
553 +.Xr close 2
554 +is considered to occur at a
492 555 time after this open, but before process termination or successful completion
493 -of a subsequent call to one of the \fBexec\fR functions. The \fIargv\fR[\|] and
494 -\fIenvp\fR[\|] arrays of pointers and the strings to which those arrays point
495 -will not be modified by a call to one of the \fBexec\fR functions, except as a
496 -consequence of replacing the process image.
497 -.sp
498 -.LP
556 +of a subsequent call to one of the
557 +.Nm exec
558 +functions.
559 +The
560 +.Fa argv
561 +and
562 +.Fa envp
563 +arrays of pointers and the strings to which those arrays point
564 +will not be modified by a call to one of the
565 +.Nm exec
566 +functions, except as a consequence of replacing the process image.
567 +.Lp
499 568 The saved resource limits in the new process image are set to be a copy of the
500 569 process's corresponding hard and soft limits.
501 -.SH RETURN VALUES
502 -.sp
503 -.LP
504 -If a function in the \fBexec\fR family returns to the calling process image, an
505 -error has occurred; the return value is \fB\(mi1\fR and \fBerrno\fR is set to
506 -indicate the error.
507 -.SH ERRORS
508 -.sp
509 -.LP
510 -The \fBexec\fR functions will fail if:
511 -.sp
512 -.ne 2
513 -.na
514 -\fB\fBE2BIG\fR\fR
515 -.ad
516 -.RS 16n
570 +.
571 +.Sh RETURN VALUES
572 +.
573 +If a function in the
574 +.Nm exec
575 +family returns to the calling process image, an
576 +error has occurred; the return value is \fB\(mi1\fR and
577 +.Va errno
578 +is set to indicate the error.
579 +.
580 +.Sh ERRORS
581 +.
582 +The
583 +.Nm exec
584 +functions will fail if:
585 +.Bl -tag -width Er
586 +.It Bq Er E2BIG
517 587 The number of bytes in the new process's argument list is greater than the
518 -system-imposed limit of {\fBARG_MAX\fR} bytes. The argument list limit is sum
588 +system-imposed limit of
589 +.Brq Dv ARG_MAX
590 +bytes.
591 +The argument list limit is sum
519 592 of the size of the argument list plus the size of the environment's exported
520 593 shell variables.
521 -.RE
522 -
523 -.sp
524 -.ne 2
525 -.na
526 -\fB\fBEACCES\fR\fR
527 -.ad
528 -.RS 16n
594 +.
595 +.It Bq Er EACCES
529 596 Search permission is denied for a directory listed in the new process file's
530 597 path prefix.
531 598 .sp
532 599 The new process file is not an ordinary file.
533 600 .sp
534 601 The new process file mode denies execute permission.
535 602 .sp
536 -The {\fBFILE_DAC_SEARCH\fR} privilege overrides the restriction on directory
537 -searches.
603 +The
604 +.Brq Dv FILE_DAC_SEARCH
605 +privilege overrides the restriction on directory searches.
538 606 .sp
539 -The {\fBFILE_DAC_EXECUTE\fR} privilege overrides the lack of execute
607 +The
608 +.Brq Dv FILE_DAC_EXECUTE
609 +privilege overrides the lack of execute
540 610 permission.
541 -.RE
542 -
543 -.sp
544 -.ne 2
545 -.na
546 -\fB\fBEAGAIN\fR\fR
547 -.ad
548 -.RS 16n
611 +.
612 +.It Bq Er EAGAIN
549 613 Total amount of system memory available when reading using raw I/O is
550 614 temporarily insufficient.
551 -.RE
552 -
553 -.sp
554 -.ne 2
555 -.na
556 -\fB\fBEFAULT\fR\fR
557 -.ad
558 -.RS 16n
615 +.
616 +.It Bq Er EFAULT
559 617 An argument points to an illegal address.
560 -.RE
561 -
562 -.sp
563 -.ne 2
564 -.na
565 -\fB\fBEINVAL\fR\fR
566 -.ad
567 -.RS 16n
618 +.
619 +.It Bq Er EINVAL
568 620 The new process image file has the appropriate permission and has a recognized
569 621 executable binary format, but the system does not support execution of a file
570 622 with this format.
571 -.RE
572 -
573 -.sp
574 -.ne 2
575 -.na
576 -\fB\fBEINTR\fR\fR
577 -.ad
578 -.RS 16n
623 +.
624 +.It Bq Er EINTR
579 625 A signal was caught during the execution of one of the functions in the
580 -\fIexec\fR family.
581 -.RE
582 -
583 -.sp
584 -.ne 2
585 -.na
586 -\fB\fBELOOP\fR\fR
587 -.ad
588 -.RS 16n
589 -Too many symbolic links were encountered in translating \fIpath\fR or
590 -\fIfile\fR.
591 -.RE
592 -
593 -.sp
594 -.ne 2
595 -.na
596 -\fB\fBENAMETOOLONG\fR\fR
597 -.ad
598 -.RS 16n
599 -The length of the \fIfile\fR or \fIpath\fR argument exceeds {\fBPATH_MAX\fR},
600 -or the length of a \fIfile\fR or \fIpath\fR component exceeds {\fBNAME_MAX\fR}
601 -while {\fB_POSIX_NO_TRUNC\fR} is in effect.
602 -.RE
603 -
604 -.sp
605 -.ne 2
606 -.na
607 -\fB\fBENOENT\fR\fR
608 -.ad
609 -.RS 16n
626 +.Nm exec
627 +family.
628 +.El
629 +.
630 +.Lp
631 +The
632 +.Nm exec
633 +functions except
634 +.Fn fexecve
635 +will fail if:
636 +.
637 +.Bl -tag -width Er
638 +.It Bq Er ELOOP
639 +Too many symbolic links were encountered in translating
640 +.Fa path
641 +or
642 +.Fa file .
643 +.
644 +.It Bq Er ENAMETOOLONG
645 +The length of the
646 +.Fa file
647 +or
648 +.Fa path
649 +argument exceeds
650 +.Brq PATH_MAX ,
651 +or the length of a
652 +.Fa file
653 +or
654 +.Fa path
655 +component exceeds
656 +.Brq Dv NAME_MAX
657 +while
658 +.Brq Dv _POSIX_NO_TRUNC
659 +is in effect.
660 +.
661 +.It Bq Er ENOENT
610 662 One or more components of the new process path name of the file do not exist or
611 663 is a null pathname.
612 -.RE
613 -
614 -.sp
615 -.ne 2
616 -.na
617 -\fB\fBENOLINK\fR\fR
618 -.ad
619 -.RS 16n
620 -The \fIpath\fR argument points to a remote machine and the link to that machine
664 +.
665 +.It Bq Er ENOLINK
666 +The
667 +.Fa path
668 +argument points to a remote machine and the link to that machine
621 669 is no longer active.
622 -.RE
623 -
624 -.sp
625 -.ne 2
626 -.na
627 -\fB\fBENOTDIR\fR\fR
628 -.ad
629 -.RS 16n
670 +.
671 +.It Bq Er ENOTDIR
630 672 A component of the new process path of the file prefix is not a directory.
631 -.RE
632 -
633 -.sp
634 -.LP
635 -The \fBexec\fR functions, except for \fBexeclp()\fR and \fBexecvp()\fR, will
636 -fail if:
637 -.sp
638 -.ne 2
639 -.na
640 -\fB\fBENOEXEC\fR\fR
641 -.ad
642 -.RS 11n
673 +.El
674 +.Lp
675 +The
676 +.Nm exec
677 +functions, except for
678 +.Fn execlp
679 +and
680 +.Fn execvp ,
681 +will fail if:
682 +.Bl -tag -width Er
683 +.It Bq Er ENOEXEC
643 684 The new process image file has the appropriate access permission but is not in
644 685 the proper format.
645 -.RE
646 -
686 +.El
687 +.Lp
688 +The
689 +.Fn fexecve
690 +function will fail if:
691 +.Bl -tag -width Er
692 +.It Bq Er EBADF
693 +The
694 +.Fa fd
695 +argument is not a valid file descriptor opened for execute.
696 +.El
647 697 .sp
648 -.LP
649 -The \fBexec\fR functions may fail if:
650 -.sp
651 -.ne 2
652 -.na
653 -\fB\fBENAMETOOLONG\fR\fR
654 -.ad
655 -.RS 16n
698 +.Lp
699 +The
700 +.Nm exec
701 +functions except for
702 +.Fn fexecve
703 +may fail if:
704 +.
705 +.Bl -tag -width Er
706 +.It Bq Er ENAMETOOLONG
656 707 Pathname resolution of a symbolic link produced an intermediate result whose
657 -length exceeds {\fBPATH_MAX\fR}.
658 -.RE
659 -
660 -.sp
661 -.ne 2
662 -.na
663 -\fB\fBENOMEM\fR\fR
664 -.ad
665 -.RS 16n
708 +length exceeds
709 +.Brq Dv PATH_MAX .
710 +.
711 +.It Bq Er ENOMEM
666 712 The new process image requires more memory than is allowed by the hardware or
667 -system-imposed by memory management constraints. See \fBbrk\fR(2).
668 -.RE
669 -
670 -.sp
671 -.ne 2
672 -.na
673 -\fB\fBETXTBSY\fR\fR
674 -.ad
675 -.RS 16n
713 +system-imposed by memory management constraints.
714 +See
715 +.Xr brk 2 .
716 +.
717 +.It Bq Er ETXTBSY
676 718 The new process image file is a pure procedure (shared text) file that is
677 719 currently open for writing by some process.
678 -.RE
679 -
680 -.SH USAGE
681 -.sp
682 -.LP
720 +.El
721 +.
722 +.Sh USAGE
723 +.
683 724 As the state of conversion descriptors and message catalogue descriptors in the
684 725 new process image is undefined, portable applications should not rely on their
685 -use and should close them prior to calling one of the \fBexec\fR functions.
686 -.sp
687 -.LP
726 +use and should close them prior to calling one of the
727 +.Nm exec
728 +functions.
729 +.Lp
688 730 Applications that require other than the default POSIX locale should call
689 -\fBsetlocale\fR(3C) with the appropriate parameters to establish the locale of
690 -thenew process.
691 -.sp
692 -.LP
693 -The \fIenviron\fR array should not be accessed directly by the application.
694 -.SH ATTRIBUTES
695 -.sp
696 -.LP
697 -See \fBattributes\fR(5) for descriptions of the following attributes:
698 -.sp
699 -
700 -.sp
701 -.TS
702 -box;
703 -c | c
704 -l | l .
705 -ATTRIBUTE TYPE ATTRIBUTE VALUE
706 -_
707 -Interface Stability Committed
708 -_
709 -MT-Level See below.
710 -_
711 -Standard See \fBstandards\fR(5).
712 -.TE
713 -
714 -.sp
715 -.LP
716 -The \fBexecle()\fR and \fBexecve()\fR fucntions are Async-Signal-Safe.
717 -.SH SEE ALSO
718 -.sp
719 -.LP
720 -\fBksh\fR(1), \fBps\fR(1), \fBsh\fR(1), \fBalarm\fR(2), \fBbrk\fR(2),
721 -\fBchmod\fR(2), \fBexit\fR(2), \fBfcntl\fR(2), \fBfork\fR(2),
722 -\fBgetpflags\fR(2), \fBgetrlimit\fR(2), \fBmemcntl\fR(2), \fBmmap\fR(2),
723 -\fBnice\fR(2), \fBpriocntl\fR(2), \fBprofil\fR(2), \fBsemop\fR(2),
724 -\fBshmop\fR(2), \fBsigpending\fR(2), \fBsigprocmask\fR(2), \fBtimes\fR(2),
725 -\fBumask\fR(2), \fBlockf\fR(3C), \fBptrace\fR(3C), \fBsetlocale\fR(3C),
726 -\fBsignal\fR(3C), \fBsystem\fR(3C), \fBtimer_create\fR(3C), \fBa.out\fR(4),
727 -\fBcontract\fR(4), \fBprocess\fR(4), \fBattributes\fR(5), \fBenviron\fR(5),
728 -\fBprivileges\fR(5), \fBstandards\fR(5)
729 -.SH WARNINGS
730 -.sp
731 -.LP
732 -If a program is \fBsetuid\fR to a user \fBID\fR other than the superuser, and
733 -the program is executed when the real user \fBID\fR is super-user, then the
731 +.Xr setlocale 3C
732 +with the appropriate parameters to establish the locale of the new process.
733 +.Lp
734 +The
735 +.Va environ
736 +array should not be accessed directly by the application.
737 +Instead,
738 +.Xr getenv 3C
739 +should be used.
740 +.
741 +.Sh SEE ALSO
742 +.Xr ps 1 ,
743 +.Xr sh 1 ,
744 +.Xr alarm 2 ,
745 +.Xr brk 2 ,
746 +.Xr chmod 2 ,
747 +.Xr exit 2 ,
748 +.Xr fcntl 2 ,
749 +.Xr fork 2 ,
750 +.Xr getpflags 2 ,
751 +.Xr getrlimit 2 ,
752 +.Xr memcntl 2 ,
753 +.Xr mmap 2 ,
754 +.Xr nice 2 ,
755 +.Xr open 2 ,
756 +.Xr priocntl 2 ,
757 +.Xr profil 2 ,
758 +.Xr semop 2 ,
759 +.Xr shmop 2 ,
760 +.Xr sigpending 2 ,
761 +.Xr sigprocmask 2 ,
762 +.Xr times 2 ,
763 +.Xr umask 2 ,
764 +.Xr lockf 3C ,
765 +.Xr ptrace 3C ,
766 +.Xr setlocale 3C ,
767 +.Xr signal 3C ,
768 +.Xr system 3C ,
769 +.Xr timer_create 3C ,
770 +.Xr fcntl.h 3HEAD ,
771 +.Xr signal.h 3HEAD ,
772 +.Xr unistd.h 3HEAD ,
773 +.Xr a.out 4 ,
774 +.Xr contract 4 ,
775 +.Xr process 4 ,
776 +.Xr environ 5 ,
777 +.Xr privileges 5 ,
778 +.Xr standards 5
779 +.
780 +.Sh INTERFACE STABILITY
781 +.
782 +.Sy Standard .
783 +.
784 +.Sh MT-LEVEL
785 +.
786 +The
787 +.Fn execle , execve , fexecve
788 +functions are
789 +.Sy Async-Signal-Safe .
790 +.
791 +.Sh STANDARDS
792 +.
793 +These functions are available in the following compilation environments.
794 +See
795 +.Xr standards 5 .
796 +.Ss Fn execl , execle , execlp , execv , execve , execvp
797 +.Bl -bullet -compact
798 +.It
799 +.St -p1003.1-90
800 +.It
801 +.St -xpg3
802 +.It
803 +.St -xpg4
804 +.It
805 +.St -xpg4.2
806 +.It
807 +.St -susv2
808 +.It
809 +.St -susv3
810 +.It
811 +.St -p1003.1-2008
812 +.El
813 +.Ss Fn fexecve
814 +.Bl -bullet -compact
815 +.It
816 +.St -p1003.1-2008
817 +.El
818 +.
819 +.Sh WARNINGS
820 +If a program is
821 +.Em setuid
822 +to a user ID other than the superuser, and
823 +the program is executed when the real user ID is super-user, then the
734 824 program has some of the powers of a super-user as well.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX