diff -ur ../pam_mount-0.18/src/pam_mount.c ./src/pam_mount.c
--- src/pam_mount.c	2007-03-12 12:01:49.000000000 -0400
+++ src/pam_mount.c	2007-03-12 11:01:53.000000000 -0400
@@ -328,7 +328,7 @@
 	log_argv(_argv);
 
         if(!spawn_apS(NULL, _argv, NULL, G_SPAWN_DO_NOT_REAP_CHILD, set_myuid,
-         user, &pid, NULL, &cstdout, NULL, &err)) {
+         NULL, &pid, NULL, &cstdout, NULL, &err)) {
 		l0g(PMPREFIX "error executing /usr/sbin/pmvarrun\n");
 		fnval = -1;
 		goto _return;
diff -ur ../pam_mount-0.18/src/pmvarrun.c ./src/pmvarrun.c
--- src/pmvarrun.c	2006-07-28 18:43:41.000000000 -0400
+++ src/pmvarrun.c	2007-03-12 12:02:22.000000000 -0400
@@ -95,6 +95,11 @@
     return;
 }
 
+static int user_sanity_check (const char *user) 
+{
+	size_t len = strlen(user);
+	return strstr(user, "../") || user[0] == '-' || user[len - 1] == '/';
+}
 
 /*  parse_args
     @argc:      number of elements in @argv
@@ -129,6 +134,11 @@
                         usage(EXIT_FAILURE, "count string is not valid");
 			break;
 		case 'u':
+			if (user_sanity_check (optarg)) {
+				fprintf(stderr, "Invalid user name\n");
+				exit (EXIT_FAILURE);
+			}
+
 			g_strlcpy(settings->user, optarg,
 				  sizeof(settings->user));
 			break;