4.17. Should I be concerned about the LD_PRELOAD environment variable with LIDS?

Yes. If you are running a version of LIDS older than 1.1.1preX, please read on.

For setuid programs, the LD_PRELOAD env var is "cleansed" so that it can't affect the libraries loaded by a program (with the exception of recent glibc vulnerabilities).

Problems arise when you grant special capabilities or file access permissions to non-setuid binaries. Since the LD_PRELOAD env var isn't "cleansed" before loading libraries, someone with malicious intent could load a trojaned library and it would have the same special capabilities/file access permissions that were given to the original program.

Possible options to reduce your risk:

SECURITY UPDATE: Starting with LIDS 1.1.1preX, the LD_PRELOAD environment variable is disabled automatically for any program that has been given special privileges via LIDS. This has also been backported to LIDS 0.10.3.
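
To audit a system still running a LIDS release without that fix, the following added example (not part of the LIDS FAQ or the LIDS tools) classifies a binary by whether LD_PRELOAD can reach it: it reads the ELF program headers for PT_INTERP and checks the setuid/setgid bits. The function names are hypothetical, and the list of LIDS-privileged paths is assumed to be supplied by the administrator.

```python
import os
import stat
import struct
import sys

PT_INTERP = 3  # program header that names the dynamic loader (ld.so)

def has_interp(elf: bytes) -> bool:
    """True if the image asks for a dynamic loader, the component that reads LD_PRELOAD."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if elf[5] == 1 else ">"
    if elf[4] == 2:  # ELFCLASS64
        (phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:            # ELFCLASS32
        (phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    types = (struct.unpack_from(end + "I", elf, phoff + i * phentsize)[0]
             for i in range(phnum))
    return PT_INTERP in types

def preload_exposure(elf: bytes, mode: int, lids_privileged: bool) -> str:
    """Classify one binary; lids_privileged is supplied by the caller (assumption)."""
    if not has_interp(elf):
        return "static"        # no ld.so involved, LD_PRELOAD is never consulted
    if mode & (stat.S_ISUID | stat.S_ISGID):
        return "cleansed"      # loader drops LD_PRELOAD for setuid/setgid programs
    if lids_privileged:
        return "exposed"       # the case above, on LIDS releases without the fix
    return "unprivileged"      # preload works but gains nothing beyond the caller

def sample_elf(dynamic: bool) -> bytes:
    """Constructed minimal ELF64 little-endian image with one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<I", PT_INTERP if dynamic else 1) + bytes(52)
    return ehdr + phdr

if __name__ == "__main__":
    # Arguments: paths the administrator has granted LIDS privileges (assumed list).
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            image = fh.read()
        print(path, preload_exposure(image, os.stat(path).st_mode, True))
```

Any path reported as "exposed" is a dynamically linked, non-setuid binary whose LIDS privileges a preloaded library would inherit on an unfixed release.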