prepare support for LD_LIBRARY_PATH (checking suid/sgid safety)

the use of this test will be much stricter than glibc and other
typical implementations; the environment will not be honored
whatsoever unless the program is confirmed non-suid/sgid by the aux
vector the kernel passed in. no fallback to slow syscall-based
checking is used if the kernel fails to provide the information; we
simply assume the worst (suid) in this case and refuse to honor
environment.

src/ldso/dynlink.c

@@ -48,6 +48,7 @@ struct dso
 };
 
 static struct dso *head, *tail, *libc;
+static int trust_env;
 
 #define AUX_CNT 15
 #define DYN_CNT 34
@@ -373,6 +374,11 @@ void *__dynlink(int argc, char **argv, size_t *got)
 
 	/* At this point the standard library is fully functional */
 
+	/* Only trust user/env if kernel says we're not suid/sgid */
+	trust_env = (aux[0]&0x7800)==0x7800
+		&& aux[AT_UID]==aux[AT_EUID]
+		&& aux[AT_GID]==aux[AT_EGID];
+
 	head = tail = &app;
 	libc = &lib;
 	app.next = 0;