diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index 9b80cef88..8ec807a00 100644
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -63,7 +63,6 @@
 struct cvtsudoers_filter *filters;
 struct sudoers_user_context user_ctx;
 struct sudoers_runas_context runas_ctx;
-struct passwd *list_pw;
 static FILE *logfp;
 static const char short_opts[] = "b:c:d:ef:hi:I:l:m:Mo:O:pP:s:V";
 static struct option long_opts[] = {
diff --git a/plugins/sudoers/fmtsudoers.c b/plugins/sudoers/fmtsudoers.c
index e7c357bbf..a1b866dee 100644
--- a/plugins/sudoers/fmtsudoers.c
+++ b/plugins/sudoers/fmtsudoers.c
@@ -52,7 +52,8 @@ sudoers_format_member_int(struct sudo_lbuf *lbuf,
 switch (type) {
 case MYSELF:
 sudo_lbuf_append(lbuf, "%s%s", negated ? "!" : "",
-list_pw ? list_pw->pw_name : (user_ctx.name ? user_ctx.name : ""));
+runas_ctx.list_pw ? runas_ctx.list_pw->pw_name :
+(user_ctx.name ? user_ctx.name : ""));
 break;
 case ALL:
 if (name == NULL) {
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index a04ca12e6..ae04dba7f 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -321,7 +321,8 @@ log_denial(unsigned int status, bool inform_user)
 sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s may not run "
 "sudo on %s.\n"), user_ctx.name, runas_ctx.shost);
 } else {
-const struct passwd *runas_pw = list_pw ? list_pw : runas_ctx.pw;
+const struct passwd *runas_pw =
+runas_ctx.list_pw ? runas_ctx.list_pw : runas_ctx.pw;
 const char *cmnd1 = user_ctx.cmnd;
 const char *cmnd2 = "";
@@ -358,8 +359,9 @@ log_failure(unsigned int status, int cmnd_status)
 debug_decl(log_failure, SUDOERS_DEBUG_LOGGING);
 /* The user doesn't always get to see the log message (path info). */
-if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && list_pw == NULL && def_path_info && (cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND))
+if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && runas_ctx.list_pw == NULL && def_path_info &&
+(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND))
 inform_user = false;
 ret = log_denial(status, inform_user);
diff --git a/plugins/sudoers/lookup.c b/plugins/sudoers/lookup.c
index 6fbbf75fb..7b57acbdf 100644
--- a/plugins/sudoers/lookup.c
+++ b/plugins/sudoers/lookup.c
@@ -72,7 +72,7 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw, time_t now,
 pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
 nopass = (pwcheck == never || pwcheck == all) ? true : false;
-if (list_pw != NULL) {
+if (runas_ctx.list_pw != NULL) {
 root_pw = sudo_getpwuid(ROOT_UID);
 if (root_pw == NULL)
 sudo_warnx(U_("unknown uid %u"), ROOT_UID);
@@ -144,8 +144,8 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw, time_t now,
 * Root can list any user's privileges.
 * A user may always list their own privileges.
 */
-if (user_ctx.uid == 0 || list_pw == NULL ||
-user_ctx.uid == list_pw->pw_uid) {
+if (user_ctx.uid == 0 || runas_ctx.list_pw == NULL ||
+user_ctx.uid == runas_ctx.list_pw->pw_uid) {
 cmnd_match = ALLOW;
 runas_match = ALLOW;
 } else if (date_match != DENY) {
@@ -154,7 +154,7 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw, time_t now,
 * user must match the list user or root.
 */
 runas_match = runas_matches_pw(nss->parse_tree, cs,
-list_pw);
+runas_ctx.list_pw);
 switch (runas_match) {
 case DENY:
 break;
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
index 201b127a2..fb583403b 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
@@ -51,7 +51,6 @@ static const char *orig_cmnd;
 /* Required to link with parser. */
 struct sudoers_user_context user_ctx;
 struct sudoers_runas_context runas_ctx;
-struct passwd *list_pw;
 sudo_conv_t sudo_conv = fuzz_conversation;
 sudo_printf_t sudo_printf = fuzz_printf;
 unsigned int sudo_mode;
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
index 269421380..b1b0ea54e 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
@@ -34,7 +34,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 /* Required to link with parser. */
 struct sudoers_user_context user_ctx;
 struct sudoers_runas_context runas_ctx;
-struct passwd *list_pw;
 sudo_printf_t sudo_printf = fuzz_printf;
 FILE *
diff --git a/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c b/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
index 56229c9f7..b96555113 100644
--- a/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
+++ b/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
@@ -38,7 +38,6 @@ extern struct io_plugin sudoers_io;
 struct sudoers_user_context user_ctx;
 struct sudoers_runas_context runas_ctx;
-struct passwd *list_pw;
 sudo_printf_t sudo_printf;
 sudo_conv_t sudo_conv;
 struct sudo_plugin_event * (*plugin_event_alloc)(void);
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 65c4e44a9..e07991b45 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -81,7 +81,6 @@ static bool tty_present(void);
 */
 struct sudoers_user_context user_ctx;
 struct sudoers_runas_context runas_ctx;
-struct passwd *list_pw;
 unsigned int sudo_mode;
 static char *prev_user;
@@ -911,6 +910,7 @@ done:
 int
 sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
 {
+struct passwd *pw;
 int ret = -1;
 debug_decl(sudoers_list, SUDOERS_DEBUG_PLUGIN);
@@ -922,8 +922,10 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
 goto done;
 if (list_user) {
-list_pw = sudo_getpwnam(list_user);
-if (list_pw == NULL) {
+if (runas_ctx.list_pw != NULL)
+sudo_pw_delref(runas_ctx.list_pw);
+runas_ctx.list_pw = sudo_getpwnam(list_user);
+if (runas_ctx.list_pw == NULL) {
 sudo_warnx(U_("unknown user %s"), list_user);
 goto done;
 }
@@ -945,18 +947,15 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
 if (ret != true)
 goto done;
+pw = runas_ctx.list_pw ? runas_ctx.list_pw : user_ctx.pw;
 if (ISSET(sudo_mode, MODE_CHECK))
-ret = display_cmnd(snl, list_pw ? list_pw : user_ctx.pw, verbose);
+ret = display_cmnd(snl, pw, verbose);
 else
-ret = display_privs(snl, list_pw ? list_pw : user_ctx.pw, verbose);
+ret = display_privs(snl, pw, verbose);
 done:
 mail_parse_errors();
-if (list_pw != NULL) {
-sudo_pw_delref(list_pw);
-list_pw = NULL;
-}
 if (def_group_plugin)
 group_plugin_unload();
 reset_parser();
@@ -1543,6 +1542,8 @@ sudoers_runas_ctx_free(void)
 sudo_pw_delref(runas_ctx.pw);
 if (runas_ctx.gr != NULL)
 sudo_gr_delref(runas_ctx.gr);
+if (runas_ctx.list_pw != NULL)
+sudo_pw_delref(runas_ctx.list_pw);
 /* Free dynamic contents of runas_ctx. */
 free(runas_ctx.cmnd);
@@ -1605,7 +1606,6 @@ sudoers_cleanup(void)
 sudoers_gc_run();
 /* Clear globals */
-list_pw = NULL;
 saved_argv = NULL;
 NewArgv = NULL;
 NewArgc = 0;
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 17e41fdfd..2958ef44e 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -122,6 +122,7 @@ struct sudoers_user_context {
 struct sudoers_runas_context {
 struct passwd *pw;
 struct group *gr;
+struct passwd *list_pw;
 char *chroot;
 char *class;
 char *cmnd;
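Review bot: runas_ctx.list_pw now outlives sudoers_list(): hunk -945 drops the done: block that released and cleared list_pw on every exit, and the only release left is the delref added to sudoers_runas_ctx_free() in hunk -1543, which in the visible lines does not reset the pointer (the delrefs of runas_ctx.pw and runas_ctx.gr above it do not either, so the struct may well be zeroed further down, outside the hunk). If it is not, a later sudoers_list() call with list_user == NULL would still pick the stale user in `pw = runas_ctx.list_pw ? runas_ctx.list_pw : user_ctx.pw;`, and the `runas_ctx.list_pw == NULL` short-circuit of the ownership check in lookup.c would no longer apply to that caller. Unless the rest of sudoers_runas_ctx_free() clears it, add `runas_ctx.list_pw = NULL;` after the new delref. The delref-before-reassign added in hunk -922 only covers the case where list_user is supplied again, not the case where it is absent.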
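Review bot: The new list_pw member of struct sudoers_runas_context has no comment, and unlike pw and gr it is filled by sudoers_list() from its list_user argument rather than describing the run-as target, so a reader of the header cannot tell what it refers to or who releases the reference. Suggest `struct passwd *list_pw;	/* user whose privileges are listed, NULL if none; reference released by sudoers_runas_ctx_free() */`. The rest of the struct is outside the hunk.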
@@ -380,7 +381,6 @@ void sudoers_cleanup(void);
 bool sudoers_override_umask(void);
 extern struct sudoers_user_context user_ctx;
 extern struct sudoers_runas_context runas_ctx;
-extern struct passwd *list_pw;
 extern unsigned int sudo_mode;
 extern int sudoedit_nfiles;
 extern sudo_conv_t sudo_conv;
diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c
index e2d5498d2..7d4cb5af6 100644
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
@@ -81,7 +81,6 @@ static int testsudoers_query(const struct sudo_nss *nss, struct passwd *pw);
 */
 struct sudoers_user_context user_ctx;
 struct sudoers_runas_context runas_ctx;
-struct passwd *list_pw;
 static const char *orig_cmnd;
 static char *runas_group, *runas_user;
 unsigned int sudo_mode = MODE_RUN;
@@ -166,8 +165,8 @@ main(int argc, char *argv[])
 }
 break;
 case 'L':
-list_pw = sudo_getpwnam(optarg);
-if (list_pw == NULL) {
+runas_ctx.list_pw = sudo_getpwnam(optarg);
+if (runas_ctx.list_pw == NULL) {
 sudo_warnx(U_("unknown user %s"), optarg);
 usage();
 }
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 33071d4e8..35e76891c 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
@@ -110,7 +110,6 @@ extern void get_hostname(void);
 */
 struct sudoers_user_context user_ctx;
 struct sudoers_runas_context runas_ctx;
-struct passwd *list_pw;
 static const char *path_sudoers = _PATH_SUDOERS;
 static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist);
 static struct sudoers_parser_config sudoers_conf = SUDOERS_PARSER_CONFIG_INITIALIZER;
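Review bot: In the 'L' case of testsudoers.c main(), `runas_ctx.list_pw = sudo_getpwnam(optarg);` overwrites any reference taken by an earlier -L on the same command line without releasing it, whereas sudoers_list() in this same commit delrefs runas_ctx.list_pw before reassigning it. Giving -L twice therefore leaks a passwd reference; minor in a test driver, but the two sites should follow the same pattern now that the pointer lives in runas_ctx. Add `if (runas_ctx.list_pw != NULL) sudo_pw_delref(runas_ctx.list_pw);` before the assignment. main() starts and ends outside the hunk.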