From: Todd C. Miller Date: Tue, 13 Nov 2001 00:31:20 +0000 (+0000) Subject: Add security note about command not being logged after 'sudo su' and X-Git-Tag: SUDO_1_6_4~157 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=eac21ad7bf8214fb2ee337e172a5119497b01100;p=sudo Add security note about command not being logged after 'sudo su' and friends. --- diff --git a/sudo.pod b/sudo.pod index f5298a778..60ec9f8d3 100644 --- a/sudo.pod +++ b/sudo.pod @@ -266,6 +266,15 @@ will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own timestamp with a bogus date on systems that allow users to give away files. +Please note that B will only log the command it explicitly +runs. If a user runs a command such as C or C, +subsequent commands run from that shell will I be logged, nor +will B's access control affect them. The same is true for +commands that offer shell escapes (including most editors). Because +of this, care must be taken when giving users access to commands +via B to verify that the command does not inadvertantly give +the user an effective root shell. + =head1 EXAMPLES Note: the following examples assume suitable sudoers(5) entries.
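Review bot: "inadvertantly" in the last sentence of the added paragraph (the line beginning "via B to verify that the command does not") is a misspelling of "inadvertently" and should be fixed before this reaches the generated man page. In the same paragraph, the formatting codes show up here as bare "B", "C or C" and "I be logged", with no arguments. Please confirm that sudo.pod itself carries the angle-bracketed text for each of them, because without the command names and the negation the note does not say which invocations escape logging. The paragraph also ends at "care must be taken" without telling the administrator how to check a command. A short pointer to sudoers(5), where the permitted commands are defined, would make the warning actionable, and it would help to state that the check covers any program that can spawn a shell, not only the editors named in the parenthesis.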