The penguin farm
When Linux loads and executes an application (say we want to execute an application, not a shell script or something else), usually a fork()/execve() pair of system calls is issued to start the execution of the application.
These system calls are responsible for duplicating the current process (fork()) and replacing the current process image with a new process image (the application to be executed; that is, execve()).
These API calls are presented in great detail in Advanced Linux Programming, by Mark Mitchell, Jeffrey Oldham, and Alex Samuel, but there are countless online resources dedicated to this subject. So, if you’re interested in this subject, you might find good sources of information there.
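The fork()/execve() pair described above, as an added example that is not taken from the book: the parent duplicates itself, the child replaces its image, and the parent collects the exit status. The helper names, the DEMO_TOKEN variable and the nonexistent path are constructed for illustration, and /bin/sh is assumed to exist.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the book): start `path` with a fork()/execve()
 * pair and wait for it. Returns the child's exit status, 127 if execve()
 * failed in the child, or -1 on fork/wait errors or death by signal. */
int spawn_and_wait(const char *path, char *const argv[], char *const envp[])
{
    pid_t pid = fork();               /* duplicate the calling process */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);     /* child: replace the process image */
        _exit(127);                   /* reached only when execve() fails */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)  /* parent: reap the child */
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Run a one-line script under /bin/sh (assumed present) with an explicit,
 * minimal environment: the new image sees only what envp contains. */
int run_sh(const char *script)
{
    char *const argv[] = { "sh", "-c", (char *)script, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    return spawn_and_wait("/bin/sh", argv, envp);
}

int main(void)
{
    char *const none[] = { "missing", NULL };
    char *const env[] = { NULL };
    setenv("DEMO_TOKEN", "constructed", 1);   /* set in the parent only */
    printf("exit 7            -> %d\n", run_sh("exit 7"));
    printf("DEMO_TOKEN empty? -> %d\n", run_sh("[ -z \"$DEMO_TOKEN\" ]"));
    printf("constructed path  -> %d\n",
           spawn_and_wait("/nonexistent/constructed-example", none, env));
    return 0;
}
```

Because execve() takes a full path and an explicit envp, nothing is resolved through PATH and no variable from the parent reaches the new image unless it is listed.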
But let’s continue loading the executable. The execve() system call, after several iterations where it leaves the confines of userspace, will end up in the Linux kernel and create a linux_binprm structure [2].