Package: glibc Version: 2.37-12 In the light of the recent privilege escalation vulnerability I'd like to suggest disabling the support for tunables in secure mode (most notably for setuid-binaries). This would mitigate future regressions in the handling of the environment variable and possible vulnerabilities caused by the interaction of particular options with security relevant applications.
The support could either be disabled at compile time[1] or at runtime via a file existence check (either by reusing `/etc/suid-debug` or a new one like `/etc/suid-tunables`). [1]: https://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=5d1686416ab766f3dd0780ab730650c4c0f76ca9