Getpwuid call doesn't clode /etc/shadow, it leaves the possibility to access file descriptor after privelege are dropped.
vulners.com/securityvulns/securityvulns:doc:3306