Sanitizers need a bigger caveat with suid binaries at least #661

@thesamesam

Description

We should make clearer that sanitizers should not be used in production, at least not without the minimal runtime (see #326). Needs to be checked whether GCC's just-trap option for sanitizers is similar enough.

Using sanitizers in production with suid binaries can introduce privilege escalation vulnerabilities if a runtime is used, as ASAN_OPTIONS or UBSAN_OPTIONS (possibly others) allow specifying an arbitrary log file path. See https://www.openwall.com/lists/oss-security/2016/02/17/9.
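
A heuristic audit for the condition described in this issue, added here as an example and not taken from the issue or the project: it lists setuid/setgid ELF files that carry ASan or UBSan runtime markers. The marker strings and function names are choices made for this example, and the byte scan does not tell the full UBSan runtime apart from the minimal one.

```python
import os
import stat
import sys

# Byte strings a sanitizer runtime typically leaves in an ELF file: the
# shared-library name (dynamic runtime), runtime entry points, and the name
# of the environment variable the runtime reads. Heuristic, chosen here.
MARKERS = {
    "asan": (b"libasan.so", b"libclang_rt.asan", b"__asan_init", b"ASAN_OPTIONS"),
    "ubsan": (b"libubsan.so", b"libclang_rt.ubsan", b"__ubsan_handle_", b"UBSAN_OPTIONS"),
}


def sanitizer_markers(data: bytes) -> set:
    """Return the sanitizer families whose markers occur in an ELF image."""
    if not data.startswith(b"\x7fELF"):
        return set()  # scripts and data files are out of scope
    return {fam for fam, pats in MARKERS.items() if any(p in data for p in pats)}


def is_privileged(mode: int) -> bool:
    """True for a regular file with the setuid or setgid bit set."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))


def audit(root: str) -> list:
    """Walk root and return sorted (path, [families]) for flagged binaries."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not is_privileged(os.lstat(path).st_mode):
                    continue
                with open(path, "rb") as fh:
                    found = sanitizer_markers(fh.read())
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort
            if found:
                findings.append((path, sorted(found)))
    return sorted(findings)


if __name__ == "__main__":
    for path, fams in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{path}: setuid/setgid binary with sanitizer markers {fams}")
```

Any hit is a candidate for rebuilding without the sanitizer runtime; binaries that gain privilege through file capabilities rather than mode bits are not covered by this scan.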
