Use secure_getenv instead of getenv for setuid programs

(bnc#694598 CVE-2011-2709 bnc#831805)

import from:
https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch

Upstream-Status: Pending

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>

diff --git a/src/g_initialize.c b/src/g_initialize.c
index 200f173..935a9fa 100644
--- a/src/g_initialize.c
+++ b/src/g_initialize.c
@@ -26,6 +26,7 @@
  * This function will initialize the gssapi mechglue library
  */
 
+#define _GNU_SOURCE
 #include "mglueP.h"
 #include <stdlib.h>
 
@@ -197,8 +198,7 @@ static void solaris_initialize ()
     void *dl;
     gss_mechanism (*sym)(void), mech;
 
-    if ((getuid() != geteuid()) ||
-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
 	filename = MECH_CONF;
 
     if ((conffile = fopen(filename, "r")) == NULL) {
@@ -274,8 +274,7 @@ static void linux_initialize ()
     void *dl;
     gss_mechanism (*sym)(void), mech;
 
-    if ((getuid() != geteuid()) ||
-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
 	filename = MECH_CONF;
 
     if ((conffile = fopen(filename, "r")) == NULL) {