Why is "AcceptEnv *" considered insecure?

Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD.

Not all versions of the man pages for sshd_config mention this. If your environment variables are changed beforehand and certain privileged processes are executed with new libraries specified by this, issues can result.

Take a look at http://www.dankalia.com/tutor/01005/0100501004.htm and search for "LD_PRELOAD Exploit". Sorry, the page has no anchor links.

See also StackOverflow question: What is the LD_PRELOAD trick?

Setting environment variables after connection is fine, but when those variables are interpreted by the ssh daemon as set by AcceptEnv, Bad Things may occur.
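
An added example, not part of the original answer: a small audit that reads an sshd_config and reports which `AcceptEnv` patterns would admit loader- or shell-sensitive variables such as the `LD_PRELOAD` mentioned above. The `SENSITIVE` list beyond `LD_PRELOAD`, the function names and the sample config are assumptions made for illustration, and only the `*` and `?` wildcards are handled.

```python
import re

# Variables that influence the dynamic loader or shell start-up. LD_PRELOAD is
# the one named above; the rest are an illustrative, non-exhaustive assumption.
SENSITIVE = ["LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "BASH_ENV", "ENV", "PATH"]

# Constructed sample sshd_config, not taken from any real host.
SAMPLE_CONFIG = """\
# locale forwarding only
AcceptEnv LANG LC_*
acceptenv   *
AcceptEnv=LD_?RELOAD
PermitUserEnvironment no
"""


def pattern_to_regex(pattern):
    """Translate an sshd_config pattern ('*' and '?' wildcards) to a regex."""
    table = {"*": ".*", "?": "."}
    body = "".join(table.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body + r"\Z", re.DOTALL)


def audit_accept_env(config_text, sensitive=SENSITIVE):
    """Return (line_no, pattern, matched_vars) for each risky AcceptEnv pattern."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        fields = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(fields) < 2 or fields[0].lower() != "acceptenv":
            continue
        for pattern in fields[1].split():
            rx = pattern_to_regex(pattern)
            hits = [v for v in sensitive if rx.match(v)]
            if hits:
                findings.append((line_no, pattern, hits))
    return findings


if __name__ == "__main__":
    for line_no, pattern, hits in audit_accept_env(SAMPLE_CONFIG):
        print(f"line {line_no}: AcceptEnv {pattern} admits {', '.join(hits)}")
```

On the sample, the locale-only line passes while `*` and `LD_?RELOAD` are flagged, which is the difference between an explicit allowlist and a wildcard that lets the client choose variables the daemon hands to the session.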