I'm done with the audit. lastlog2 implements a PAM session interface that logs user information to a world-readable sqlite3 database. An accompanying binary /usr/bin/lastlog2 parses this information. The latter also includes an import feature to migrate old lastlog files. The only finding (CWE-89) was discovered in the PAM part of the package: https://bugzilla.suse.com/show_bug.cgi?id=1209587 Upstream addressed this promptly and correctly already, so there's nothing in the way of a whitelisting.