-.\" Hey Emacs! This file is -*- nroff -*- source.
-.\"
.\" Copyright (c) 2006, Michael Kerrisk
.\"
+.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
+.\" %%%LICENSE_END
.\"
-.TH FEXECVE 3 2010-09-15 "Linux" "Linux Programmer's Manual"
+.TH FEXECVE 3 2014-04-20 "Linux" "Linux Programmer's Manual"
.SH NAME
fexecve \- execute program specified via file descriptor
.SH SYNOPSIS
and the caller must have permission to execute the file that it refers to.
.\" POSIX.1-2008 specifies the O_EXEC flag for open as an alternative,
.\" but Linux doesn't support this flag yet.
-.SH "RETURN VALUE"
+.SH RETURN VALUE
A successful call to
.BR fexecve ()
never returns.
-On error, the function returns, with a result value of \-1, and
+On error, the function does return, with a result value of \-1, and
.I errno
is set appropriately.
.SH ERRORS
.B ENOSYS
The
.I /proc
-file system could not be accessed.
+filesystem could not be accessed.
.SH VERSIONS
.BR fexecve ()
is implemented since glibc 2.3.2.
-.SH "CONFORMING TO"
+.SH CONFORMING TO
POSIX.1-2008.
This function is not specified in POSIX.1-2001,
and is not widely available on other systems.
+It is specified in POSIX.1-2008.
.SH NOTES
On Linux,
.BR fexecve ()
is implemented using the
.BR proc (5)
-file system, so
+filesystem, so
.I /proc
needs to be mounted and available at the time of the call.
-.SH "SEE ALSO"
+
+If
+.I fd
+is a file descriptor that refers to an interpreter script
+and has been marked as close-on-exec (see the discussion of the
+.BR FD_CLOEXEC
+in
+.BR fcntl (2)),
+.BR fexecve ()
+will fail to execute the script, since,
+by the time the script interpreter tries to access the script file,
+.I fd
+has already been closed.
+
+The idea behind
+.BR fexecve ()
+is to allow the caller to verify (checksum) the contents of
+an executable before executing it.
+Simply opening the file, checksumming the contents, and then doing an
+.BR execve (2)
+would not suffice, since, between the two steps, the filename,
+or a directory prefix of the pathname, could have been exchanged
+(by, for example, modifying the target of a symbolic link).
+.BR fexecve ()
+does not mitigate the problem that the
+.I contents
+of a file could be changed between the checksumming and the call to
+.BR fexecve ();
+for that, the solution is to ensure that the permissions on the file
+prevent it from being modified by malicious users.
+.SH SEE ALSO
.BR execve (2)
+.SH COLOPHON
+This page is part of release 3.65 of the Linux
+.I man-pages
+project.
+A description of the project,
+and information about reporting bugs,
+can be found at
+\%http://www.kernel.org/doc/man\-pages/.
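Review bot: the added line "It is specified in POSIX.1-2008." in CONFORMING TO repeats the section's first line, "POSIX.1-2008.", so one of the two should go; keeping the first line and dropping the new sentence (or folding it into "This function is not specified in POSIX.1-2001, but is specified in POSIX.1-2008, and is not widely available on other systems.") reads better. In the new FD_CLOEXEC paragraph in NOTES, "fexecve() will fail to execute the script" should say how the failure surfaces: RETURN VALUE above states that a successful call never returns and that errors come back as \-1 with errno set, yet the explanation ("by the time the script interpreter tries to access the script file, fd has already been closed") describes a failure that happens after the interpreter has started, so the reader cannot tell whether fexecve() returns an error to the caller or the interpreter is executed and then fails to open its script. Spell out which it is, and if an errno value applies, list it under ERRORS alongside ENOSYS. The rest of the hunk (the "filesystem" spelling, unquoted .SH headings, the checksum rationale and the colophon) looks fine.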