
LD_PRELOAD Attack

One attack that has recurred for years in different forms is the so-called "LD_PRELOAD" attack. In Linux, LD_PRELOAD is an environment variable that specifies which shared libraries are to be loaded into programs at runtime. The attack affects LinSec because an attacker could gain the capabilities of other programs by having them execute custom code from a library named in the LD_PRELOAD variable. To counter this type of attack, LinSec removes all capabilities from a process executing a binary if the LD_PRELOAD environment variable is specified at the time of execution.

The action might be considered drastic, but in cases such as this, where from the system's point of view there is only one, rather coarse, way of recognizing a potential problem, dropping the offending process's privileges is the least that can be done to prevent a potential security breach. Furthermore, as there are other mechanisms for preloading library code apart from the LD_PRELOAD environment variable, the mechanism does not affect the functionality of the system as a whole.
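
The exec-time rule described above can be modelled in user space as follows. This is an added example, not LinSec's kernel code: `struct cap_sets`, `env_has_name`, `caps_after_exec` and the sample environments are hypothetical names constructed here, and treating an empty `LD_PRELOAD=` as "specified" is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a process's capability sets; not LinSec's types. */
struct cap_sets { uint64_t effective, permitted, inheritable; };

/* Constructed sample data for the demonstration. */
static const struct cap_sets sample_granted = { 0x3, 0x7, 0x1 };
static char *env_clean[]   = { "PATH=/usr/bin", "LD_PRELOAD_EXTRA=x",
                               "MY_LD_PRELOAD=y", NULL };
static char *env_preload[] = { "PATH=/usr/bin",
                               "LD_PRELOAD=/tmp/constructed.so", NULL };
static char *env_empty[]   = { "LD_PRELOAD=", NULL };

/* Return 1 if envp holds an entry whose name is exactly `name`.
 * Requiring '=' right after the name avoids false hits on look-alike
 * variables such as LD_PRELOAD_EXTRA or MY_LD_PRELOAD. */
static int env_has_name(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return 1;
    return 0;
}

/* Policy from the text: if LD_PRELOAD is specified at exec time, the
 * process gets no capabilities at all; otherwise it keeps what it would
 * have been granted. Assumption: an empty value still counts. */
struct cap_sets caps_after_exec(struct cap_sets granted, char *const envp[])
{
    struct cap_sets none = { 0, 0, 0 };
    return env_has_name(envp, "LD_PRELOAD") ? none : granted;
}

int caps_are_empty(struct cap_sets c)
{
    return c.effective == 0 && c.permitted == 0 && c.inheritable == 0;
}

int main(void)
{
    /* Exit status 0 means the policy behaved as described. */
    return !(caps_are_empty(caps_after_exec(sample_granted, env_preload)) &&
             caps_are_empty(caps_after_exec(sample_granted, env_empty)) &&
             !caps_are_empty(caps_after_exec(sample_granted, env_clean)));
}
```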