Home/ Questions/Q 6645345
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T00:16:32+00:00

Using the following code to run the ls command via /bin/sh nworks fine: #include

  • 0

Using the following code to run the ls command via /bin/shnworks fine:

#include <unistd.h>
int main(int argc, char **argv, char **envp) {
    execle("/bin/sh", "sh", "-c", "ls", (char*)NULL, envp);
}

However if I launch the shell in an empty environment, changing the execle line to read like this:

execle("/bin/sh", "sh", "-c", "ls", (char*)NULL, NULL);

It works too.

How does the shell know the path to ls even though I didn’t pass any enviroment?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Lets re-write your program as following:

    #include <stdio.h>
#include <unistd.h>

int main(int argc, char **argv, char **envp) 
{
        execle("/bin/sh", "sh", "-c", "ls", (char*)NULL, NULL);
        return 0;
}

    Now, once you compile and run with ltrace, you’ll find the following snippet in the output:

    <... bsearch resumed> )                                                     = NULL
strlen("ls")                                                                = 2
memcpy(0x0061cbe0, "/usr/local/sbin", 15)                                   = 0x0061cbe0
strcpy(0x0061cbf0, "ls")                                                    = 0x0061cbf0
__xstat64(1, "/usr/local/sbin/ls", 0x7fffb173e120)                          = -1
strlen("ls")                                                                = 2
memcpy(0x0061cbe0, "/usr/local/bin", 14)                                    = 0x0061cbe0
strcpy(0x0061cbef, "ls")                                                    = 0x0061cbef
__xstat64(1, "/usr/local/bin/ls", 0x7fffb173e120)                           = -1
strlen("ls")                                                                = 2
memcpy(0x0061cbe0, "/usr/sbin", 9)                                          = 0x0061cbe0
strcpy(0x0061cbea, "ls")                                                    = 0x0061cbea
__xstat64(1, "/usr/sbin/ls", 0x7fffb173e120)                                = -1
strlen("ls")                                                                = 2
memcpy(0x0061cbe0, "/usr/bin", 8)                                           = 0x0061cbe0
strcpy(0x0061cbe9, "ls")                                                    = 0x0061cbe9
__xstat64(1, "/usr/bin/ls", 0x7fffb173e120)                                 = -1
strlen("ls")                                                                = 2
memcpy(0x0061cbe0, "/sbin", 5)           
strcpy(0x0061cbe6, "ls")                                                    = 0x0061cbe6
__xstat64(1, "/sbin/ls", 0x7fffb173e120)                                    = -1
strlen("ls")                                                                = 2
memcpy(0x0061cbe0, "/bin", 4)                                               = 0x0061cbe0
strcpy(0x0061cbe5, "ls")                                                    = 0x0061cbe5
__xstat64(1, "/bin/ls", 0x7fffb173e120)                                     = 0
strlen("ls")                                                                = 2
malloc(26)                                                                  = 0x025fa110
strcpy(0x025fa123, "ls")                                                    = 0x025fa123
realloc(NULL, 160)                                                          = 0x025fa140
fork()

    As you can see, it’s clearly looking for the right path before doing the fork() with '/bin/ls' which is the right path for 'ls'. If there was $PATH variable given, sh would try those paths to find the location of ls. Since there is no $PATH provided in this case, plausible paths (e.g. /bin, /usr/bin, /sbin) are tried nevertheless.

    From execle man-page:

    If this PATH variable isn’t specified,
    the default path is set according to the
    _PATH_DEFPATH definition in ,
    which is set to /usr/bin:/bin.

    • 0