[newlib-cygwin] Improve description of Cygwin ldd utility

Jon TURNEY jturney@sourceware.org
Thu Jul 7 13:49:00 GMT 2016


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=53a831f063a86139a154461fe878b6e4537f247f

commit 53a831f063a86139a154461fe878b6e4537f247f
Author: Jon Turney <jon.turney@dronecode.org.uk>
Date:   Sat Jul 2 16:45:02 2016 +0100

    Improve description of Cygwin ldd utility
    
    Improve the description of Cygwin ldd utility to give a bit more detail
    about how it does what it does
    
    Also add a security warning (modelled after the one in the Linux manpage)
    that it may end up executing the file it is applied to.
    
    Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>

Diff:
---
 winsup/doc/utils.xml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/winsup/doc/utils.xml b/winsup/doc/utils.xml
index 12949c5..906c377 100644
--- a/winsup/doc/utils.xml
+++ b/winsup/doc/utils.xml
@@ -755,10 +755,20 @@ ldd [OPTION]... FILE...
 
     <refsect1>
       <title>Description</title>
-    <para><command>ldd</command> prints the shared libraries (DLLs) an
-      executable or DLL is linked against. No modifying option is implemented
-      yet.</para>
+      <para><command>ldd</command> prints the shared libraries (DLLs) loaded
+      when running an executable or DLL.</para>
+
+    <refsect2>
+      <title>Security</title>
+      <para>
+	<command>ldd</command> invokes the Windows loader on the file specified,
+	then uses the Windows debugging interface to report DLLs loaded, and
+	(for executables) to attempt to stop execution before the entrypoint.
+	Thus, you should never use ldd on an untrusted file.
+      </para>
+    </refsect2>
     </refsect1>
+
   </refentry>
 
   <refentry id="locale">



More information about the Cygwin-cvs mailing list