git: c3e9317fde85 - stable/12 - ldd: ignore unverified files

From: Simon J. Gerraty <sjg_at_FreeBSD.org>
Date: Sat, 15 Oct 2022 16:12:28 UTC
The branch stable/12 has been updated by sjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=c3e9317fde85e273f1ca2c5060570f3bd90caca3

commit c3e9317fde85e273f1ca2c5060570f3bd90caca3
Author:     Simon J. Gerraty <sjg@FreeBSD.org>
AuthorDate: 2022-10-07 00:51:28 +0000
Commit:     Simon J. Gerraty <sjg@FreeBSD.org>
CommitDate: 2022-10-15 16:11:59 +0000

    ldd: ignore unverified files
    
    When mac_veriexec is enforcing, we won't run unverified binaries,
    don't let ldd examine them either.
    
    Reviewed by:    stevek emaste
    MFC after:      1 week
    Sponsored by:   Juniper Networks, Inc.
    Differential Revision:  https://reviews.freebsd.org/D36897
    
    (cherry picked from commit f48114b653a2a3d8f817ad68186235595ce304ed)
---
 usr.bin/ldd/ldd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.bin/ldd/ldd.c b/usr.bin/ldd/ldd.c
index 5631b03b7bc9..d237850be765 100644
--- a/usr.bin/ldd/ldd.c
+++ b/usr.bin/ldd/ldd.c
@@ -190,7 +190,7 @@ main(int argc, char *argv[])
 	for (; argc > 0; argc--, argv++) {
 		int fd, status, is_shlib, rv, type;
 
-		if ((fd = open(*argv, O_RDONLY, 0)) < 0) {
+		if ((fd = open(*argv, O_RDONLY | O_VERIFY, 0)) < 0) {
 			warn("%s", *argv);
 			rval |= 1;
 			continue;