.\"
.SS Secure-execution mode
For security reasons,
-the effects of some environment variables are voided or modified if
-the dynamic linker determines that the binary should be
-run in secure-execution mode.
-(For details, see the discussion of individual environment variables below.)
+if the dynamic linker determines that a binary should be
+run in secure-execution mode,
+the effects of some environment variables are voided or modified,
+and furthermore those environment variables are stripped from the environment,
+so that the program does not even see the definitions.
+Some of these environment variables affect the operation of
+the dynamic linker itself, and are described below.
+Other environment variables treated in this way include:
+.BR GCONV_PATH ,
+.BR GETCONF_DIR ,
+.BR HOSTALIASES ,
+.BR LOCALDOMAIN ,
+.BR LOCPATH ,
+.BR MALLOC_TRACE ,
+.BR NIS_PATH ,
+.BR NLSPATH ,
+.BR RESOLV_HOST_CONF ,
+.BR RES_OPTIONS ,
+.BR TMPDIR ,
+and
+.BR TZDIR .
+.PP
A binary is executed in secure-execution mode if the
.B AT_SECURE
entry in the auxiliary vector (see