As the state of conversion descriptors and message catalog
descriptors in the new process image is undefined, conforming
applications should not rely on their use and should close them
prior to calling one of the exec functions.

Applications that require other than the default POSIX locale as
the global locale in the new process image should call
setlocale() with the appropriate parameters.

When assigning a new value to the environ variable, applications
should ensure that the environment to which it will point
contains at least the following:
1. Any implementation-defined variables required by the
implementation to provide a conforming environment. See the
_CS_V7_ENV entry in <unistd.h> and confstr() for details.
2. A value for PATH which finds conforming versions of all
standard utilities before any other versions.

The same constraint applies to the envp array passed to execle()
or execve(), in order to ensure that the new process image is
invoked in a conforming environment.

Applications should not execute programs with file descriptor 0
not open for reading or with file descriptor 1 or 2 not open for
writing, as this might cause the executed program to misbehave.
In order not to pass on these file descriptors to an executed
program, applications should not just close them but should
reopen them on, for example, /dev/null. Some implementations may
reopen them automatically, but applications should not rely on
this being done.
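
The reopening described above, as an added example in C that is not part of the standard's text; sanitize_stdio() and point_at_devnull() are hypothetical helper names. It goes slightly beyond the paragraph by also replacing descriptors that are open with the wrong access mode or that have FD_CLOEXEC set, since both leave the new process image without a usable descriptor.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical helper: make fd refer to /dev/null, readable for fd 0,
 * writable for fd 1 and 2. Returns 0 on success, -1 with errno set. */
static int point_at_devnull(int fd)
{
    int nfd = open("/dev/null", fd == STDIN_FILENO ? O_RDONLY : O_WRONLY);
    if (nfd < 0)
        return -1;
    if (nfd == fd)          /* fd was closed, so open() reused its slot */
        return 0;
    int rc = dup2(nfd, fd); /* the duplicate never has FD_CLOEXEC set */
    int saved = errno;
    close(nfd);
    errno = saved;
    return rc < 0 ? -1 : 0;
}

/* Hypothetical helper, called just before an exec function.
 * detach != 0: replace fds 0-2 unconditionally (do not pass them on).
 * detach == 0: repair only fds that are closed, would be closed by the
 * exec (FD_CLOEXEC), or are open with the wrong access mode. */
int sanitize_stdio(int detach)
{
    for (int fd = 0; fd <= 2; fd++) {
        int fl = fcntl(fd, F_GETFL);
        int fdfl = fcntl(fd, F_GETFD);
        int usable = 0;
        if (fl != -1 && fdfl != -1 && !(fdfl & FD_CLOEXEC)) {
            int acc = fl & O_ACCMODE;
            usable = (fd == STDIN_FILENO)
                         ? (acc == O_RDONLY || acc == O_RDWR)
                         : (acc == O_WRONLY || acc == O_RDWR);
        }
        if ((detach || !usable) && point_at_devnull(fd) < 0)
            return -1;
    }
    return 0;
}
```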

If an application wants to perform a checksum test of the file
being executed before executing it, the file will need to be
opened with read permission to perform the checksum test.

Since execute permission is checked by fexecve(), the file
description fd need not have been opened with the O_EXEC flag.
However, if the file to be executed denies read and write
permission for the process preparing to do the exec, the only way
to provide the fd to fexecve() will be to use the O_EXEC flag
when opening fd. In this case, the application will not be able
to perform a checksum test since it will not be able to read the
contents of the file.

Note that when a file descriptor is opened with O_RDONLY, O_RDWR,
or O_WRONLY mode, the file descriptor can be used to read, read
and write, or write the file, respectively, even if the mode of
the file changes after the file was opened. Using the O_EXEC open
mode is different; fexecve() will ignore the mode that was used
when the file descriptor was opened and the exec will fail if the
mode of the file associated with fd does not grant execute
permission to the calling process at the time fexecve() is
called.