git: c3e9317fde85 - stable/12 - ldd: ignore unverified files
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 15 Oct 2022 16:12:28 UTC
The branch stable/12 has been updated by sjg:
URL: https://cgit.FreeBSD.org/src/commit/?id=c3e9317fde85e273f1ca2c5060570f3bd90caca3
commit c3e9317fde85e273f1ca2c5060570f3bd90caca3
Author: Simon J. Gerraty <sjg@FreeBSD.org>
AuthorDate: 2022-10-07 00:51:28 +0000
Commit: Simon J. Gerraty <sjg@FreeBSD.org>
CommitDate: 2022-10-15 16:11:59 +0000
ldd: ignore unverified files
When mac_veriexec is enforcing, we won't run unverified binaries,
don't let ldd examine them either.
Reviewed by: stevek emaste
MFC after: 1 week
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D36897
(cherry picked from commit f48114b653a2a3d8f817ad68186235595ce304ed)
---
usr.bin/ldd/ldd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.bin/ldd/ldd.c b/usr.bin/ldd/ldd.c
index 5631b03b7bc9..d237850be765 100644
--- a/usr.bin/ldd/ldd.c
+++ b/usr.bin/ldd/ldd.c
@@ -190,7 +190,7 @@ main(int argc, char *argv[])
for (; argc > 0; argc--, argv++) {
int fd, status, is_shlib, rv, type;
- if ((fd = open(*argv, O_RDONLY, 0)) < 0) {
+ if ((fd = open(*argv, O_RDONLY | O_VERIFY, 0)) < 0) {
warn("%s", *argv);
rval |= 1;
continue;