Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. Has this been caught? Might apply to other releases. If so, please propagate.
LD_DEBUG as well as LD_TRACE_PRELINKING are disallowed for suid binaries since glibc-2.3.3-88; FC3 ATM has glibc-2.3.4-2.fc3.
Did you propagate this bug report to other relevant releases/OSes? I would say RHEL 2.1 and 3 are vulnerable...
Please CC me on new reports for RHEL if you do propagate this report. Searched Bugzilla for LD_DEBUG in the title of reports and other titles that might be relevant, but I didn't find any. Might be an oversight on my part.