ldd: ignore unverified files

When mac_veriexec is enforcing, we won't run unverified binaries, don't let ldd examine them either. Reviewed by: stevek emaste MFC after: 1 week Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D36897
author: Simon J. Gerraty <sjg@FreeBSD.org> 2022-10-07 03:51:28 +0300
committer: Simon J. Gerraty <sjg@FreeBSD.org> 2022-10-07 03:51:28 +0300
commit: f48114b653a2a3d8f817ad68186235595ce304ed (patch)
tree: f973a19584a47333e1eb7026291f504d0a0c316e /usr.bin
parent: b05b1ecbef0093107eef8fed52c58aa9c66cc4e0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/ldd/ldd.c b/usr.bin/ldd/ldd.c
index 8897c8cbfbc2..2cd2a4c72324 100644
--- a/usr.bin/ldd/ldd.c
+++ b/usr.bin/ldd/ldd.c
@@ -169,7 +169,7 @@ main(int argc, char *argv[])
 
 	rval = 0;
 	for (; argc > 0; argc--, argv++) {
-		if ((fd = open(*argv, O_RDONLY, 0)) < 0) {
+		if ((fd = open(*argv, O_RDONLY | O_VERIFY, 0)) < 0) {
 			warn("%s", *argv);
 			rval |= 1;
 			continue;
author	Simon J. Gerraty <sjg@FreeBSD.org>	2022-10-07 03:51:28 +0300
committer	Simon J. Gerraty <sjg@FreeBSD.org>	2022-10-07 03:51:28 +0300
commit	f48114b653a2a3d8f817ad68186235595ce304ed (patch)
tree	f973a19584a47333e1eb7026291f504d0a0c316e /usr.bin
parent	b05b1ecbef0093107eef8fed52c58aa9c66cc4e0 (diff)