ldso: move the suid/secure check code closer to env/auxv processing

this does not change behavior, but the idea is to avoid letting other
code build up between these two points, whereby the environment
variables might get used before security it checked.

src/ldso/dynlink.c

@@ -482,13 +482,6 @@ void *__dynlink(int argc, char **argv, size_t *got)
 
 	decode_vec(auxv, aux, AUX_CNT);
 
-	for (i=0; auxv[i]; i+=2) {
-		if (auxv[i]==AT_SYSINFO_EHDR) {
-			vdso_base = auxv[i+1];
-			break;
-		}
-	}
-
 	/* Only trust user/env if kernel says we're not suid/sgid */
 	if ((aux[0]&0x7800)!=0x7800 || aux[AT_UID]!=aux[AT_EUID]
 	  || aux[AT_GID]!=aux[AT_EGID] || aux[AT_SECURE]) {
@@ -496,6 +489,13 @@ void *__dynlink(int argc, char **argv, size_t *got)
 		env_preload = 0;
 	}
 
+	for (i=0; auxv[i]; i+=2) {
+		if (auxv[i]==AT_SYSINFO_EHDR) {
+			vdso_base = auxv[i+1];
+			break;
+		}
+	}
+
 	/* Relocate ldso's DYNAMIC pointer and load vector */
 	decode_vec((void *)(got[0] += aux[AT_BASE]), lib_dyn, DYN_CNT);