Mention PREVENTING SHELL ESCAPES section of sudoers man page

diff --git a/sudo.pod b/sudo.pod
index 7222e2eccd6eae9d487a3c63473633402757210c..bc106957f477838fa238b0955a7074b0d61f3391 100644 (file)
--- a/sudo.pod
+++ b/sudo.pod
@@ -359,14 +359,16 @@ will be ignored and sudo will log and complain.  This is done to
 keep a user from creating his/her own timestamp with a bogus
 date on systems that allow users to give away files.
 
-Please note that B<sudo> will only log the command it explicitly
-runs.  If a user runs a command such as C<sudo su> or C<sudo sh>,
-subsequent commands run from that shell will I<not> be logged, nor
-will B<sudo>'s access control affect them.  The same is true for
-commands that offer shell escapes (including most editors).  Because
-of this, care must be taken when giving users access to commands
-via B<sudo> to verify that the command does not inadvertently give
-the user an effective root shell.
+Please note that B<sudo> will normally only log the command it
+explicitly runs.  If a user runs a command such as C<sudo su> or
+C<sudo sh>, subsequent commands run from that shell will I<not> be
+logged, nor will B<sudo>'s access control affect them.  The same
+is true for commands that offer shell escapes (including most
+editors).  Because of this, care must be taken when giving users
+access to commands via B<sudo> to verify that the command does not
+inadvertently give the user an effective root shell.  For more
+information, please see the C<PREVENTING SHELL ESCAPES> section in
+L<sudoers(@mansectform@)>.
 
 =head1 ENVIRONMENT