--- sysdeps/generic/unsecvars.h 2004-08-03 18:13:13 -0400
+++ sysdeps/generic/unsecvars.h 2004-08-03 18:11:41 -0400
@@ -3,6 +3,8 @@
 with a '\0' explicitly. */
 #define UNSECURE_ENVVARS \
 "LD_PRELOAD\0" \
+ "LD_DEBUG\0" \
+ "LD_TRACE_PRELINKING\0" \
 "LD_LIBRARY_PATH\0" \
 "LD_ORIGIN_PATH\0" \
 "LD_DEBUG_OUTPUT\0" \
--- elf/rtld.c 2003-01-07 13:47:35 -0500
+++ elf/rtld.c 2004-08-03 22:15:51 -0400
@@ -1762,6 +1762,30 @@
 GL(dl_profile_output)
 = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
 
+ /* Extra security for SUID binaries. Remove all dangerous environment
+ variables. */
+ if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
+ {
+ static const char unsecure_envvars[] =
+#ifdef EXTRA_UNSECURE_ENVVARS
+ EXTRA_UNSECURE_ENVVARS
+#endif
+ UNSECURE_ENVVARS;
+ const char *nextp;
+
+ nextp = unsecure_envvars;
+ do
+ {
+ unsetenv (nextp);
+ /* We could use rawmemchr but this need not be fast. */
+ nextp = (char *) (strchr) (nextp, '\0') + 1;
+ }
+ while (*nextp != '\0');
+
+ if (__access ("/etc/suid-debug", F_OK) != 0)
+ unsetenv ("MALLOC_CHECK_");
+ }
+
 while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
 {
 size_t len = 0;
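Review bot: The unsetenv pass is moved ahead of the `_dl_next_ld_env_entry (&runp)` loop, but `runp` is set up outside this hunk and presumably already points into the environment, so the loop only sees the stripped list because unsetenv compacts `__environ` in place rather than installing a fresh array; that dependence is not stated anywhere in the hunk. Suggest a comment on the closing `}` of the secure block: `/* unsetenv compacts __environ in place, so runp (taken before this block) still walks the stripped environment.  */`. The `(char *)` cast on the `strchr` result is also unnecessary for an assignment to `const char *nextp` and could simply be `nextp = (strchr) (nextp, '\0') + 1;`. The enclosing function starts before and continues after this hunk.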
@@ -1897,33 +1921,10 @@
 /* The caller wants this information. */
 *modep = mode;
 
- /* Extra security for SUID binaries. Remove all dangerous environment
- variables. */
- if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
- {
- static const char unsecure_envvars[] =
-#ifdef EXTRA_UNSECURE_ENVVARS
- EXTRA_UNSECURE_ENVVARS
-#endif
- UNSECURE_ENVVARS;
- const char *nextp;
-
- nextp = unsecure_envvars;
- do
- {
- unsetenv (nextp);
- /* We could use rawmemchr but this need not be fast. */
- nextp = (char *) (strchr) (nextp, '\0') + 1;
- }
- while (*nextp != '\0');
-
- if (__access ("/etc/suid-debug", F_OK) != 0)
- unsetenv ("MALLOC_CHECK_");
- }
 /* If we have to run the dynamic linker in debugging mode and the
 LD_DEBUG_OUTPUT environment variable is given, we write the debug
 messages to this file. */
- else if (any_debug && debug_output != NULL)
+ if (any_debug && debug_output != NULL)
 {
 #ifdef O_NOFOLLOW
 const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
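Review bot: Turning `else if (any_debug && debug_output != NULL)` into a plain `if` removes the explicit gate on `__libc_enable_secure` for opening the LD_DEBUG_OUTPUT file; the open is still suppressed for set-uid programs only because LD_DEBUG_OUTPUT is listed in UNSECURE_ENVVARS and the unsetenv pass now runs before the environment is parsed, leaving `debug_output` NULL. That invariant is enforced in a different hunk and a different file, so a reader of this condition cannot see it; suggest extending the comment above the `if` with `For set-uid programs LD_DEBUG_OUTPUT has already been removed by the unsecure-variable pass earlier in this function, so debug_output is NULL here.` so that a future reordering of the two steps is caught in review. The enclosing function continues past the end of this hunk.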