From f48114b653a2a3d8f817ad68186235595ce304ed Mon Sep 17 00:00:00 2001
From: "Simon J. Gerraty" <sjg@FreeBSD.org>
Date: Thu, 6 Oct 2022 17:51:28 -0700
Subject: [PATCH] ldd: ignore unverified files

When mac_veriexec is enforcing, we won't run unverified binaries,
don't let ldd examine them either.

Reviewed by:	stevek emaste
MFC after:	1 week
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D36897
---
 usr.bin/ldd/ldd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.bin/ldd/ldd.c b/usr.bin/ldd/ldd.c
index 8897c8cbfbc..2cd2a4c7232 100644
--- a/usr.bin/ldd/ldd.c
+++ b/usr.bin/ldd/ldd.c
@@ -169,7 +169,7 @@ main(int argc, char *argv[])
 
 	rval = 0;
 	for (; argc > 0; argc--, argv++) {
-		if ((fd = open(*argv, O_RDONLY, 0)) < 0) {
+		if ((fd = open(*argv, O_RDONLY | O_VERIFY, 0)) < 0) {
 			warn("%s", *argv);
 			rval |= 1;
 			continue;