diff options
| author | Simon J. Gerraty <sjg@FreeBSD.org> | 2022-10-07 00:51:28 +0000 |
|---|---|---|
| committer | Simon J. Gerraty <sjg@FreeBSD.org> | 2022-10-07 00:51:28 +0000 |
| commit | f48114b653a2a3d8f817ad68186235595ce304ed (patch) | |
| tree | f973a19584a47333e1eb7026291f504d0a0c316e | |
| parent | b05b1ecbef0093107eef8fed52c58aa9c66cc4e0 (diff) | |
| download | src-f48114b653a2a3d8f817ad68186235595ce304ed.tar.gz src-f48114b653a2a3d8f817ad68186235595ce304ed.zip | |
ldd: ignore unverified files
When mac_veriexec is enforcing, we won't run unverified binaries,
don't let ldd examine them either.
Reviewed by: stevek emaste
MFC after: 1 week
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D36897
| -rw-r--r-- | usr.bin/ldd/ldd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/ldd/ldd.c b/usr.bin/ldd/ldd.c index 8897c8cbfbc2..2cd2a4c72324 100644 --- a/usr.bin/ldd/ldd.c +++ b/usr.bin/ldd/ldd.c @@ -169,7 +169,7 @@ main(int argc, char *argv[]) rval = 0; for (; argc > 0; argc--, argv++) { - if ((fd = open(*argv, O_RDONLY, 0)) < 0) { + if ((fd = open(*argv, O_RDONLY | O_VERIFY, 0)) < 0) { warn("%s", *argv); rval |= 1; continue; |