From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461) Description of problem: Certain environment variables are removed from the environment of an exec'ed program, when that program is owned by root with the setuid bit set. One such variable is LD_LIBRARY_PATH. But this is OK: it is known that setuid programs delete LD_LIBRARY_PATH from the environment list. (See /usr/src/redhat/SOURCES/glibc-2.2.5/sysdeps/generic/unsecvars.h) The bug is that the environment variables G, H, L, M, N, R, and T are also deleted from the environment. Suspiciously, these happen to be exactly the set of initial letters of the variables listed in unsecvars.h... Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: See attachment for detailed information. Additional info:
Created attachment 85753 [details] description and test case to demonstrate bug
This is fixed by glibc 7.3 errata.