In general, writers of authorization-granting applications should
assume that each module is likely to call any or
all 'libc' functions. For 'libc' functions
that return pointers to static/dynamically allocated structures
(ie. the library allocates the memory and the user is not expected
free()' it) any module call to this
function is likely to corrupt a pointer previously
obtained by the application. The application programmer should
either re-call such a 'libc' function after a call to the
Linux-PAM library, or copy the
structure contents to some safe area of memory before passing
control to the Linux-PAM library.
Two important function classes that fall into this category are getpwnam(3) and syslog(3).