4.1. Care about standard library calls

In general, writers of authorization-granting applications should assume that each module is likely to call any or all 'libc' functions. For 'libc' functions that return pointers to static/dynamically allocated structures (ie. the library allocates the memory and the user is not expected to 'free()' it) any module call to this function is likely to corrupt a pointer previously obtained by the application. The application programmer should either re-call such a 'libc' function after a call to the Linux-PAM library, or copy the structure contents to some safe area of memory before passing control to the Linux-PAM library.

Two important function classes that fall into this category are getpwnam(3) and syslog(3).