Posted at LWN.net: There is a bug in the current version of the GNU C Library (glibc)
that is shipped with Immunix Linux 7.0-beta. This bug can allow
unprivileged users to read files that would normally be restricted
(like /etc/shadow). This is done by setting the RESOLV_HOST_CONF
environment variable to the file that the user wishes to read, and
then running any setuid root program (like sudo or ssh.) This causes
the restricted file to be written to stderr.
January 20, 2001