This should be fixed in shadow 4.1.0. All getpw(ent/nam/uid) were audited and the replaced by call to xgetpw(nam/uid) when pam function might be used between the call and the usage. These new functions use the libc's *_r functions or copy the structures in newly allocated memory.
It would be nice if you could check it, since I might have missed some of them. -- pwent data can be overwritten by a PAM module in su source https://bugs.launchpad.net/bugs/80610 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs