[PATCH 3/3] Improve description of Cygwin ldd utility

Jon Turney jon.turney@dronecode.org.uk
Tue Jul 5 10:08:00 GMT 2016

Improve the description of Cygwin ldd utility to give a bit more detail
about how it does what it does

Also add a security warning (modelled after the one in the Linux manpage)
that it may end up executing the file it is applied to.

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
 winsup/doc/utils.xml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/winsup/doc/utils.xml b/winsup/doc/utils.xml
index 12949c5..906c377 100644
--- a/winsup/doc/utils.xml
+++ b/winsup/doc/utils.xml
@@ -755,10 +755,20 @@ ldd [OPTION]... FILE...
-    <para><command>ldd</command> prints the shared libraries (DLLs) an
-      executable or DLL is linked against. No modifying option is implemented
-      yet.</para>
+      <para><command>ldd</command> prints the shared libraries (DLLs) loaded
+      when running an executable or DLL.</para>
+    <refsect2>
+      <title>Security</title>
+      <para>
+	<command>ldd</command> invokes the Windows loader on the file specified,
+	then uses the Windows debugging interface to report DLLs loaded, and
+	(for executables) to attempt to stop execution before the entrypoint.
+	Thus, you should never use ldd on an untrusted file.
+      </para>
+    </refsect2>
   <refentry id="locale">

More information about the Cygwin-patches mailing list