Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Skipped
- Unit: Tests Skipped
- Build Status: Buildable 68997, Build 65880: arc lint + arc unit
Event Timeline
The explanation here being that LD_SHOW_AUX lets an unprivileged user dump (stack?) pointers from a setuid root executable, but the memory map of a privileged process should not be exposed this way.
Indeed, the explicitly stated motivation, at least in the commit message, would be quite useful.
BTW, should LD_BIND_NOW be marked as unsecure, it potentially changes the bindings of the image?
I'm not sure, what happens if we perform lazy binding and the application dlopens a DSO which provides a duplicate symbol? How else can LD_BIND_NOW change the bindings of the image?
BTW, why is LD_BIND_NOT disallowed for sugid binaries? I only found commit 018865f8e8a96.
Yes, this is the scenario. Think about e.g. pam (but I did not look at whether pam modules are opened with RTLD_GLOBAL).
BTW, why is LD_BIND_NOT disallowed for sugid binaries? I only found commit 018865f8e8a96.
Basically for the same reason, the resolution becomes too dynamic, even more so than with the normal lazy bindings. Each call to the PLT-indirected symbol is resolved anew.
Also, this knob changes the ABI, which might not be what the program expects, so better be safe.