It's possible to bypass environment variables filtering on suid program execution.
vulners.com/securityvulns/securityvulns:doc:22846
vulners.com/securityvulns/securityvulns:doc:22866