lib: allow safe_getenv to work for non-root users

[floppym]

This allows users to override settings like BLKID_FILE, as is done in
the e2fsprogs test suite.

Bug: https://bugs.gentoo.org/839825
Fixes: 035507c
Signed-off-by: Mike Gilbert floppym@gentoo.org

[karelzak]

We really don't want to allow non-root users to change security-sensitive settings (like devices identification, fstab path, ...).

[floppym]

Can you elaborate on how changing those settings in an unprivileged process poses a security risk? I've been pondering it myself, and I can't come up with a viable attack.

[floppym]

Also, the function calls secure_getenv when available, so that should cover the edge cases like Linux caps and suid/sgid bits.

[karelzak]

I read the code and patch again, and you're right.

Now sure why I have added the ruid != 0 in commit 035507c. It really seems too restrictive, what we need is to avoid suid situations. I guess the original idea was to avoid non-suid execution with some CAP_SYS_ADMIN or so, but I guess an auxiliary vector with AT_SECURE should be enough for us.