From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sun, 13 Jan 2002 18:36:44 +0000 (+0000)
Subject: Add caveat about stay_setuid flag
X-Git-Tag: SUDO_1_6_4~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=017366ce4a92a239541338c14049519ae4440c98;p=sudo

Add caveat about stay_setuid flag
---

diff --git a/sudoers.pod b/sudoers.pod
index 210e5d506..4847e7320 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -428,7 +428,11 @@ UIDs are set to the target user (root by default).  This option
 changes that behavior such that the real UID is left as the invoking
 user's UID.  In other words, this makes B<sudo> act as a setuid
 wrapper.  This can be useful on systems that disable some potentially
-dangerous functionality when a program is run setuid.
+dangerous functionality when a program is run setuid.  Note, however,
+that this means that sudo will run with the real uid of the invoking
+user which may allow that user to kill B<sudo> before it can log a
+failure, depending on how your OS defines the interaction between
+signals and setuid processes.
 
 =item env_reset