
rtld-elf: Mark LD_SHOW_AUXV insecure
ClosedPublic

Authored by des on Tue, Dec 2, 2:40 PM.
Tags
None
Referenced Files
F139367085: D54033.diff
Thu, Dec 11, 7:50 AM
Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 68997
Build 65880: arc lint + arc unit

Event Timeline

des requested review of this revision. Tue, Dec 2, 2:40 PM

The explanation here being that LD_SHOW_AUXV lets an unprivileged user dump (stack?) pointers from a setuid root executable, but the memory map of a privileged process should not be exposed this way.
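As an added example, not part of this revision or of FreeBSD's rtld, the following C program reads the same auxv entries that rtld prints when LD_SHOW_AUXV is set and shows what a reader of such a dump learns: AT_PHDR alone is enough to recover the executable's load address (walk to PT_PHDR for the load bias, then to the PT_LOAD at file offset 0 for the ELF header), and AT_BASE gives rtld's, so a dump taken from a set-user-ID image defeats ASLR for that process. It assumes getauxval(3) on glibc/musl and elf_aux_info(3) on FreeBSD, both real interfaces; the struct and function names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <link.h>      /* Elf_Phdr / ElfW(Phdr), ELFMAG, PT_* */
#include <sys/auxv.h>  /* getauxval(3) on glibc/musl, elf_aux_info(3) on FreeBSD */

#ifdef __FreeBSD__
typedef Elf_Ehdr ehdr_t;
typedef Elf_Phdr phdr_t;
#else
typedef ElfW(Ehdr) ehdr_t;
typedef ElfW(Phdr) phdr_t;
#endif

/* Fetch one auxv entry, 0 if absent. This is the same information rtld
 * prints for LD_SHOW_AUXV; here it is read from inside the process. */
static unsigned long aux_get(unsigned long type)
{
#ifdef __FreeBSD__
	unsigned long v = 0;
	if (elf_aux_info((int)type, &v, sizeof(v)) != 0)
		return 0;
	return v;
#else
	return getauxval(type);
#endif
}

/* Example-specific record of the pointer-valued entries (hypothetical name). */
struct auxv_leak {
	unsigned long phdr, phnum, entry, base, pagesz;
	unsigned long load_bias; /* runtime address minus link-time p_vaddr */
	unsigned long exe_base;  /* address of the executable's ELF header */
};

/* Collect the entries and recover the executable's load address from AT_PHDR:
 * PT_PHDR yields the load bias, and the PT_LOAD with file offset 0 maps the
 * ELF header. Returns 0 on success, -1 if the program headers are unusable. */
int auxv_collect(struct auxv_leak *out)
{
	memset(out, 0, sizeof(*out));
	out->phdr   = aux_get(AT_PHDR);
	out->phnum  = aux_get(AT_PHNUM);
	out->entry  = aux_get(AT_ENTRY);
	out->base   = aux_get(AT_BASE);   /* rtld's load address for dynamic images */
	out->pagesz = aux_get(AT_PAGESZ);
	if (out->phdr == 0 || out->phnum == 0)
		return -1;

	const phdr_t *ph = (const phdr_t *)out->phdr;
	for (unsigned long i = 0; i < out->phnum; i++)
		if (ph[i].p_type == PT_PHDR)
			out->load_bias = out->phdr - ph[i].p_vaddr;
	/* Without PT_PHDR (non-PIE static images) the bias stays 0, which is correct. */
	for (unsigned long i = 0; i < out->phnum; i++) {
		if (ph[i].p_type == PT_LOAD && ph[i].p_offset == 0) {
			out->exe_base = out->load_bias + ph[i].p_vaddr;
			return 0;
		}
	}
	return -1;
}

/* Cross-check: the recovered base must hold an ELF header whose relocated
 * e_entry equals AT_ENTRY. Returns 1 when the dump reconstructs the image
 * layout exactly, 0 otherwise. */
int auxv_reconstructs_image(const struct auxv_leak *l)
{
	if (l->exe_base == 0)
		return 0;
	const ehdr_t *eh = (const ehdr_t *)l->exe_base;
	if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0)
		return 0;
	return (l->load_bias + eh->e_entry) == l->entry;
}

/* Print the kind of table LD_SHOW_AUXV produces; every address shown is one
 * that ASLR was meant to hide from an unprivileged observer. */
void auxv_print_report(const struct auxv_leak *l)
{
	printf("AT_PHDR   %#lx\n", l->phdr);
	printf("AT_ENTRY  %#lx\n", l->entry);
	printf("AT_BASE   %#lx (rtld)\n", l->base);
	printf("AT_PAGESZ %lu\n", l->pagesz);
	printf("executable mapped at %#lx (bias %#lx)\n", l->exe_base, l->load_bias);
}

int main(void)
{
	struct auxv_leak l;
	if (auxv_collect(&l) != 0)
		return 1;
	auxv_print_report(&l);
	return auxv_reconstructs_image(&l) ? 0 : 1;
}
```

Built as a PIE on a system with ASLR enabled, two runs print different addresses; that per-exec difference is exactly what an LD_SHOW_AUXV dump of a setuid image gives away, because the variable is supplied by the unprivileged caller but the dump is emitted by rtld inside the privileged process.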

Indeed, the explicitly stated motivation, at least in the commit message, would be quite useful.

BTW, should LD_BIND_NOW be marked as unsecure, it potentially changes the bindings of the image?

This revision is now accepted and ready to land. Tue, Dec 2, 10:11 PM
In D54033#1234624, @kib wrote:

Indeed, the explicitly stated motivation, at least in the commit message, would be quite useful.

BTW, should LD_BIND_NOW be marked as unsecure, it potentially changes the bindings of the image?

I'm not sure; what happens if we perform lazy binding and the application dlopens a DSO which provides a duplicate symbol? How else can LD_BIND_NOW change the bindings of the image?

BTW, why is LD_BIND_NOT disallowed for sugid binaries? I only found commit 018865f8e8a96.

In D54033#1234624, @kib wrote:

Indeed, the explicitly stated motivation, at least in the commit message, would be quite useful.

BTW, should LD_BIND_NOW be marked as unsecure, it potentially changes the bindings of the image?

I'm not sure; what happens if we perform lazy binding and the application dlopens a DSO which provides a duplicate symbol? How else can LD_BIND_NOW change the bindings of the image?

Yes, this is the scenario. Think about e.g. pam (but I did not look whether pam modules are opened with RTLD_GLOBAL).

BTW, why is LD_BIND_NOT disallowed for sugid binaries? I only found commit 018865f8e8a96.

Basically for the same reason: the resolution becomes too dynamic, even more so than with the normal lazy bindings. Each call to the PLT-indirected symbol is resolved anew.
Also, this knob changes the ABI, which might not be what the program expects, so better to be safe.

This revision was automatically updated to reflect the committed changes.

This should have been credited as “reported by: Daniel Hodson <daniel@elttam.com>”