This is the mail archive of the
cygwin-patches
mailing list for the Cygwin project.
[PATCH 3/3] Improve description of Cygwin ldd utility
- From: Jon Turney <jon dot turney at dronecode dot org dot uk>
- To: cygwin-patches at cygwin dot com
- Cc: Jon Turney <jon dot turney at dronecode dot org dot uk>
- Date: Tue, 5 Jul 2016 11:07:52 +0100
- Subject: [PATCH 3/3] Improve description of Cygwin ldd utility
- Authentication-results: sourceware.org; auth=none
- References: <20160705100752.6684-1-jon.turney@dronecode.org.uk>
Improve the description of Cygwin ldd utility to give a bit more detail
about how it does what it does
Also add a security warning (modelled after the one in the Linux manpage)
that it may end up executing the file it is applied to.
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
---
winsup/doc/utils.xml | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/winsup/doc/utils.xml b/winsup/doc/utils.xml
index 12949c5..906c377 100644
--- a/winsup/doc/utils.xml
+++ b/winsup/doc/utils.xml
@@ -755,10 +755,20 @@ ldd [OPTION]... FILE...
<refsect1>
<title>Description</title>
- <para><command>ldd</command> prints the shared libraries (DLLs) an
- executable or DLL is linked against. No modifying option is implemented
- yet.</para>
+ <para><command>ldd</command> prints the shared libraries (DLLs) loaded
+ when running an executable or DLL.</para>
+
+ <refsect2>
+ <title>Security</title>
+ <para>
+ <command>ldd</command> invokes the Windows loader on the file specified,
+ then uses the Windows debugging interface to report DLLs loaded, and
+ (for executables) to attempt to stop execution before the entrypoint.
+ Thus, you should never use ldd on an untrusted file.
+ </para>
+ </refsect2>
</refsect1>
+
</refentry>
<refentry id="locale">
--
2.8.3