Batch interactive jobs in psuedoterminals (that is, jobs submitted using bsub ‑Is and bsub ‑Ip commands) could obtain root privileges to your cluster due to environment variables (LD_PRELOAD and LD_LIBRARY_PATH) contained in the jobs.
To enhance security against users obtaining root privileges using batch interactive jobs in psuedoterminals, enable the cluster remove these environment variables from batch interactive jobs during job initialization. These environment variables are put back before the job runs.