Linux capabilities (setcap) seems to disable LD_LIBRARY_PATH

Front end · Unresolved · 5 · 1888
梦谈多话 2020-12-04 23:48

I use LD_LIBRARY_PATH to set the path of a certain user library for an application. But if I set capabilities on this application

sudo setcap CA         

5 answers

一向 (original poster) · 2020-12-05 00:39

The man page for sudo explains:

Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of setuid executables, including sudo. Depending on the operating system this may include RLD*, DYLD*, LD_, LDR_, LIBPATH, SHLIB_PATH, and others. These type of variables are removed from the environment before sudo even begins execution and, as such, it is not possible for sudo to preserve them.

As this link explains, the actual mechanism for doing this is in glibc. If the UID does not match the EUID (which is the case for any setuid program, including sudo), then all "unsecure environment variables" are removed. Thus, a program with elevated privileges runs without alteration.
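An added example, not part of the question or the answer above, that makes the mechanism observable. glibc decides whether to drop LD_LIBRARY_PATH and friends from the AT_SECURE entry of the auxiliary vector, which the kernel sets both for setuid/setgid binaries and for binaries that gain privileges from file capabilities; a setcap binary keeps uid == euid, so a uid/euid comparison alone would not explain the behaviour seen in the question. The program below (function names are my own) reports the AT_SECURE flag, whether real and effective ids differ, and whether LD_LIBRARY_PATH is still visible when main() runs. It needs Linux and glibc 2.16 or later for getauxval().

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE: Linux, glibc >= 2.16 */
#include <unistd.h>

/* 1 if the kernel flagged this exec as "secure".  It does so when the binary
 * is setuid/setgid or when file capabilities raised the process's privileges.
 * glibc's loader reads this flag at startup (__libc_enable_secure) and, when
 * it is set, unsets LD_LIBRARY_PATH, LD_PRELOAD and the other "unsecure"
 * variables before main() runs. */
int running_in_secure_mode(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* 1 if real and effective ids differ: the classic setuid/setgid case that
 * the sudo man page describes.  A binary that only carries file capabilities
 * keeps uid == euid, so this check alone does not detect it. */
int ids_differ(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* 1 if LD_LIBRARY_PATH is still present in this process's environment. */
int ld_library_path_present(void)
{
    return getenv("LD_LIBRARY_PATH") != NULL;
}

int main(void)
{
    printf("AT_SECURE set         : %s\n", running_in_secure_mode() ? "yes" : "no");
    printf("uid/euid or gid/egid differ: %s\n", ids_differ() ? "yes" : "no");
    printf("LD_LIBRARY_PATH visible    : %s\n",
           ld_library_path_present() ? "yes" : "no");
    return 0;
}
```

Run it twice with LD_LIBRARY_PATH exported: as a plain binary it reports AT_SECURE "no" and the variable visible; after the same file is granted a file capability with setcap it reports AT_SECURE "yes", ids still equal, and LD_LIBRARY_PATH gone, which is exactly the symptom in the question. The practical consequence is that a capability-bearing binary must find its libraries through the system loader configuration (ld.so.conf, or an RPATH/RUNPATH baked into the binary), never through environment variables.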
