> Call getenv before issetugid. Why??
issetugid is a syscall (yes, it has overhead) which (amongst other things) whether you can trust the environment. But getenv -- that's a call which trusts enough of the environment array's structure, to do a walk, and find. Why do the walk, at all, if you aren't supposed to? It might not just be the string in the environment, it might be some other corruption (I can't see one, but WHY do the idiom in a less safe way?) It is entirely BACKWARDS from what we do elsewhere. Who suggested you do this?
