Posted at LWN.net: "'glibc' is the main library in a linux system and is used by
virtually all programs out there.
Local vulnerabilities were found in the glibc package shipped with
Conectiva Linux that would allow an attacker to overwrite any file on
the system. Many environment variables were honored when running a
SUID program, and it was shown that even 'trusted' libraries could be
used to overwrite files on the system."
February 6, 2001