Credit: Tavis Ormandy (and previous anonymous discoverers)
Tavis discovered that the glibc dynamic linker allows the $ORIGIN expansion in LD_AUDIT environmental variable when executing setuid binaries. This can be used to elevate privileges to root.
recognize both excellence and incompetence in the field of information security