A simple LD_PRELOAD command can cause your shell to run "rm -rf /" when you type "/sudo".
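The hijack described above works because the dynamic loader honours `LD_PRELOAD` from the environment, and a compromised account can plant that variable in a shell startup file or wrap `sudo` in an alias. The following audit script is an added example (not code from this thread): it scans shell startup files and the live environment for `LD_PRELOAD` assignments so an administrator or user can detect such tampering. The file list, the sample file contents and the `/tmp/.x/libhook.so` path are constructed for illustration.

```python
import os
import re

# Matches an LD_PRELOAD assignment anywhere on a line, including inside an
# alias or function body, e.g.:
#   export LD_PRELOAD=/x.so
#   alias sudo='LD_PRELOAD=/x.so sudo'
# The lookbehind avoids matching names that merely end in LD_PRELOAD.
PRELOAD_RE = re.compile(
    r"(?<![\w-])(?:export\s+)?LD_PRELOAD\s*=\s*(\"[^\"]*\"|'[^']*'|\S+)"
)

# Startup files a shell reads on login; constructed list, extend as needed.
STARTUP_FILES = [
    "/etc/profile", "/etc/bash.bashrc",
    "~/.bash_profile", "~/.bashrc", "~/.profile", "~/.zshrc", "~/.zshenv",
]

# Constructed sample contents standing in for real files on disk.
SAMPLE_FILES = {
    "~/.bashrc": (
        "export PATH=$HOME/bin:$PATH\n"
        "# LD_PRELOAD=/commented/out.so is ignored\n"
        "export LD_PRELOAD=/tmp/.x/libhook.so\n"
        "alias sudo='LD_PRELOAD=/tmp/.x/libhook.so sudo'\n"
    ),
    "~/.profile": "umask 022\nLD_PRELOAD=\"\"\n",  # clearing it is benign
}


def find_preload_assignments(text):
    """Return the non-empty values assigned to LD_PRELOAD in shell text."""
    values = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # skip comment lines
            continue
        for m in PRELOAD_RE.finditer(line):
            value = m.group(1).strip("\"'")
            if value:
                values.append(value)
    return values


def audit_startup_files(files):
    """files: mapping path -> contents. Returns only the files that set LD_PRELOAD."""
    findings = {}
    for path, text in files.items():
        hits = find_preload_assignments(text)
        if hits:
            findings[path] = hits
    return findings


def environment_preload(env=None):
    """Libraries injected through LD_PRELOAD in the given environment
    (the live process environment by default). The loader accepts both
    colon and whitespace as separators, so split on either."""
    if env is None:
        env = os.environ
    raw = env.get("LD_PRELOAD", "")
    return [p for p in re.split(r"[:\s]+", raw) if p]


def read_startup_files(paths=STARTUP_FILES):
    """Read whichever of the startup files exist on this machine."""
    contents = {}
    for p in paths:
        try:
            with open(os.path.expanduser(p), encoding="utf-8", errors="replace") as fh:
                contents[p] = fh.read()
        except OSError:
            continue
    return contents


if __name__ == "__main__":
    # Demonstrate on the constructed sample, then on the real machine.
    print("sample findings:", audit_startup_files(SAMPLE_FILES))
    print("real startup files:", audit_startup_files(read_startup_files()))
    print("current environment:", environment_preload())
```

The script only reports; it does not change anything. Treat any `LD_PRELOAD` pointing into a world-writable or hidden directory, or wrapped around `sudo`, as a strong indicator that the account's startup files have been altered.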

If your unprivileged user is compromised, you are pretty hosed.

There should be a way to make system env vars (profile.d or similar) read-only so that every user's shell has these set to empty values and is unable to change them.
