From: Todd C. Miller Date: Mon, 27 Sep 2004 18:05:58 +0000 (+0000) Subject: Mention PREVENTING SHELL ESCAPES section of sudoers man page X-Git-Tag: SUDO_1_7_0~937 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a79c3af48739c63191ebaa2c983ad69cfb3904d0;p=sudo Mention PREVENTING SHELL ESCAPES section of sudoers man page --- diff --git a/sudo.pod b/sudo.pod index 7222e2ecc..bc106957f 100644 --- a/sudo.pod +++ b/sudo.pod @@ -359,14 +359,16 @@ will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own timestamp with a bogus date on systems that allow users to give away files. -Please note that B will only log the command it explicitly -runs. If a user runs a command such as C or C, -subsequent commands run from that shell will I be logged, nor -will B's access control affect them. The same is true for -commands that offer shell escapes (including most editors). Because -of this, care must be taken when giving users access to commands -via B to verify that the command does not inadvertently give -the user an effective root shell. +Please note that B will normally only log the command it +explicitly runs. If a user runs a command such as C or +C, subsequent commands run from that shell will I be +logged, nor will B's access control affect them. The same +is true for commands that offer shell escapes (including most +editors). Because of this, care must be taken when giving users +access to commands via B to verify that the command does not +inadvertently give the user an effective root shell. For more +information, please see the C section in +L. =head1 ENVIRONMENT
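Review bot: The "normally" added to the first sentence of the rewritten paragraph ("will normally only log the command it explicitly runs") hedges the statement without saying what the exception is. The reader only finds a hint in the cross-reference appended at the very end, after the shell-escape warning. Consider tying the qualifier to that pointer, for example by moving "For more information, please see the ... section" (PREVENTING SHELL ESCAPES, per the commit subject) up to follow the sentence about shell escapes, or by naming in the first sentence the condition under which more than the explicit command is covered. As a style point, the whole paragraph is re-wrapped for an addition of one word and one sentence, which makes every line show as changed. Keeping the original line breaks and appending the new sentence would leave a diff that shows only the real change.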