Comment 11 for bug 270781

Steve Langasek (vorlon) wrote :

https://bugzilla.redhat.com/show_bug.cgi?id=488147#c21 explains that this segfault comes not from unix_chkpwd, but from glibc which aborts when a setuid or setgid application is started without fds (0,1,2) open and opening a placeholder fd to either /dev/null or /dev/full fails with a permissions problem.

And fds 1 and 2 are closed by pam_unix before launching unix_chkpwd, which is what triggers the abort.

Ultimately the bug is in whatever has broken the standard devices on the system, preventing the fds from being reopened. But we may be able to defend against this better by just not closing stdout/stderr in the first place.
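The defence suggested in the comment above, sketched as an added example (this is not pam_unix's code, and the function names `fd_is_open`, `point_fd_at_devnull` and `prepare_std_fds_for_helper` are hypothetical): rather than closing fds 1 and 2 before exec'ing a setuid helper, point them at /dev/null, and if /dev/null cannot be opened leave the descriptor as it was so the helper never starts with a standard fd closed.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* 1 if fd is an open descriptor, 0 if it is closed. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Silence fd by pointing it at /dev/null instead of closing it.
 * Returns 0 on success. Returns -1 if /dev/null cannot be opened or
 * duplicated; fd is then left exactly as it was (never closed). */
int point_fd_at_devnull(int fd, int flags)
{
    int nullfd = open("/dev/null", flags);
    if (nullfd < 0)
        return -1;              /* broken device node: keep fd untouched */
    if (nullfd == fd)
        return 0;               /* fd was closed and open() landed on it */
    if (dup2(nullfd, fd) < 0) {
        int saved = errno;
        close(nullfd);
        errno = saved;
        return -1;
    }
    close(nullfd);
    return 0;
}

/* Call in the child before exec'ing the setuid helper (the exec itself is
 * assumed to follow). Returns how many of fds 0..2 are still closed;
 * anything other than 0 means the helper should not be started. */
int prepare_std_fds_for_helper(void)
{
    int closed = 0;
    if (!fd_is_open(STDIN_FILENO))      /* keep a caller-supplied stdin */
        (void)point_fd_at_devnull(STDIN_FILENO, O_RDONLY);
    (void)point_fd_at_devnull(STDOUT_FILENO, O_WRONLY);
    (void)point_fd_at_devnull(STDERR_FILENO, O_WRONLY);
    for (int fd = 0; fd <= 2; fd++)
        closed += !fd_is_open(fd);
    return closed;
}

int main(void)
{
    return prepare_std_fds_for_helper();
}
```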