From eac21ad7bf8214fb2ee337e172a5119497b01100 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 13 Nov 2001 00:31:20 +0000 Subject: [PATCH] Add security note about command not being logged after 'sudo su' and friends. --- sudo.pod | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sudo.pod b/sudo.pod index f5298a778..60ec9f8d3 100644 --- a/sudo.pod +++ b/sudo.pod @@ -266,6 +266,15 @@ will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own timestamp with a bogus date on systems that allow users to give away files. +Please note that B will only log the command it explicitly +runs. If a user runs a command such as C or C, +subsequent commands run from that shell will I be logged, nor +will B's access control affect them. The same is true for +commands that offer shell escapes (including most editors). Because +of this, care must be taken when giving users access to commands +via B to verify that the command does not inadvertantly give +the user an effective root shell. + =head1 EXAMPLES Note: the following examples assume suitable sudoers(5) entries. -- 2.40.0
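Review bot: "inadvertantly" in the seventh added line of the hunk should be "inadvertently". Also, the POD formatting codes in the added paragraph appear without their bracketed arguments ("B will only log", "C or C", "will I be logged", "via B"); confirm that the intended text such as B<sudo> and C<sudo su> is present in the committed sudo.pod, since bare B, C and I would otherwise render literally in the manual page. The placement directly after the timestamp discussion reads well, since the new paragraph is likewise about the limits of sudo's logging and access control.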