diff --git a/qrexec/qrexec-agent.c b/qrexec/qrexec-agent.c
index a7ae558..909bfca 100644
--- a/qrexec/qrexec-agent.c
+++ b/qrexec/qrexec-agent.c
@@ -82,9 +82,8 @@ void no_colon_in_cmd()
  * If dom0 sends overly long cmd, it will probably crash qrexec-agent (unless
  * process can allocate up to 4GB on both stack and heap), sorry.
  */
-void do_exec(const char *cmd)
+void do_exec(char *cmd)
 {
-    char buf[strlen(QUBES_RPC_MULTIPLEXER_PATH) + strlen(cmd) - RPC_REQUEST_COMMAND_LEN + 1];
     char *realcmd = index(cmd, ':'), *user;
     if (!realcmd)
         no_colon_in_cmd();
@@ -94,16 +93,14 @@ void do_exec(const char *cmd)
     /* ignore "nogui:" prefix in linux agent */
     if (strncmp(realcmd, NOGUI_CMD_PREFIX, NOGUI_CMD_PREFIX_LEN) == 0)
         realcmd += NOGUI_CMD_PREFIX_LEN;
-    /* replace magic RPC cmd with RPC multiplexer path */
-    if (strncmp(realcmd, RPC_REQUEST_COMMAND " ", RPC_REQUEST_COMMAND_LEN+1)==0) {
-        strcpy(buf, QUBES_RPC_MULTIPLEXER_PATH);
-        strcpy(buf + strlen(QUBES_RPC_MULTIPLEXER_PATH), realcmd + RPC_REQUEST_COMMAND_LEN);
-        realcmd = buf;
-    }
 
     signal(SIGCHLD, SIG_DFL);
     signal(SIGPIPE, SIG_DFL);
 
+    /* call QUBESRPC if requested */
+    exec_qubes_rpc_if_requested(realcmd, environ);
+
+    /* otherwise exec shell */
     execl("/bin/su", "su", "-", user, "-c", realcmd, NULL);
     perror("execl");
     exit(1);
diff --git a/qrexec/qrexec-agent.h b/qrexec/qrexec-agent.h
index b520525..21e089d 100644
--- a/qrexec/qrexec-agent.h
+++ b/qrexec/qrexec-agent.h
@@ -23,7 +23,7 @@
 
 int handle_handshake(libvchan_t *ctrl);
 void handle_vchan_error(const char *op);
-void do_exec(const char *cmd);
+void do_exec(char *cmd);
 /* call before fork() for service handling process (either end) */
 void prepare_child_env();
 
diff --git a/qrexec/qrexec-client-vm.c b/qrexec/qrexec-client-vm.c
index 69bfb96..6d27d8a 100644
--- a/qrexec/qrexec-client-vm.c
+++ b/qrexec/qrexec-client-vm.c
@@ -37,7 +37,7 @@ void handle_vchan_error(const char *op)
     exit(1);
 }
 
-void do_exec(const char *cmd __attribute__((__unused__))) {
+void do_exec(char *cmd __attribute__((__unused__))) {
     fprintf(stderr, "BUG: do_exec function shouldn't be called!\n");
     exit(1);
 }
diff --git a/qrexec/qrexec-fork-server.c b/qrexec/qrexec-fork-server.c
index d52b377..b062fa7 100644
--- a/qrexec/qrexec-fork-server.c
+++ b/qrexec/qrexec-fork-server.c
@@ -33,18 +33,16 @@
 #include "libqrexec-utils.h"
 #include "qrexec-agent.h"
 
-void do_exec(const char *cmd)
+extern char **environ;
+
+void do_exec(char *cmd)
 {
-    char buf[strlen(QUBES_RPC_MULTIPLEXER_PATH) + strlen(cmd) - strlen(RPC_REQUEST_COMMAND) + 1];
-    /* replace magic RPC cmd with RPC multiplexer path */
-    if (strncmp(cmd, RPC_REQUEST_COMMAND " ", strlen(RPC_REQUEST_COMMAND)+1)==0) {
-        strcpy(buf, QUBES_RPC_MULTIPLEXER_PATH);
-        strcpy(buf + strlen(QUBES_RPC_MULTIPLEXER_PATH), cmd + strlen(RPC_REQUEST_COMMAND));
-        cmd = buf;
-    }
     signal(SIGCHLD, SIG_DFL);
     signal(SIGPIPE, SIG_DFL);
 
+    /* call QUBESRPC if requested */
+    exec_qubes_rpc_if_requested(cmd, environ);
+
     execl("/bin/sh", "sh", "-c", cmd, NULL);
     perror("execl");
     exit(1);