sudo tries to be safe when executing external commands.

To prevent command spoofing, sudo checks "." and "" (both denoting the current directory) last when searching for a command in the user's PATH (if one or both are in the PATH). Note, however, that the actual PATH environment variable is not modified and is passed unchanged to the program that sudo executes.
Users should never be granted sudo privileges to execute files that are writable by the user or that reside in a directory that is writable by the user. If the user can modify or replace the command there is no way to limit what additional commands they can run.
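The two rules above, the deferred lookup of "." and "" and the ban on user-writable commands, as an added shell example written for this page; it is not sudo's own code (sudo's lookup is implemented in C) and the function names are invented here:

```sh
# sudo_find_path CMD [PATH]
# Walks PATH left to right, but defers "." and "" (both meaning the current
# directory) to the very end, whatever their position, as the text above
# describes. Prints the resolved path; returns 1 if nothing executable is found.
sudo_find_path() {
    cmd=$1 rest=${2-$PATH} deferred=no
    case $cmd in
        # A name containing a slash is used as given, without a PATH search.
        */*) [ -f "$cmd" ] && [ -x "$cmd" ] && printf '%s\n' "$cmd"; return ;;
    esac
    while :; do
        # Peel one colon-separated entry off the front; an empty entry
        # (leading, trailing or doubled colon) is the current directory.
        case $rest in
            *:*) dir=${rest%%:*}; rest=${rest#*:}; more=yes ;;
            *)   dir=$rest; more=no ;;
        esac
        case $dir in
            ''|.) deferred=yes ;;                      # look here last
            *)    if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
                      printf '%s\n' "$dir/$cmd"; return 0
                  fi ;;
        esac
        [ "$more" = yes ] || break
    done
    # Only now, with every real directory exhausted, consult the current one.
    if [ "$deferred" = yes ] && [ -f "./$cmd" ] && [ -x "./$cmd" ]; then
        printf '%s\n' "./$cmd"; return 0
    fi
    return 1
}

# grant_is_risky FILE
# Returns 0 and says why when FILE, or the directory holding it, is writable
# by the invoking user: the rule above says such a file must never be granted.
grant_is_risky() {
    f=$1 d=$(dirname "$1") me=$(id -un)
    if [ -w "$f" ]; then printf 'risky: %s is writable by %s\n' "$f" "$me"; return 0; fi
    if [ -w "$d" ]; then printf 'risky: %s is writable by %s\n' "$d" "$me"; return 0; fi
    return 1
}
```

Run `grant_is_risky "$(sudo_find_path CMD)"` as the user who would receive the grant; a hit means the sudoers entry would let that user run arbitrary code.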
Please note that sudo will normally only log the command it explicitly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell are not subject to sudo's security policy. The same is true for commands that offer shell escapes (including most editors). If I/O logging is enabled, subsequent commands will have their input and/or output logged, but there will not be traditional logs for those commands. Because of this, care must be taken when giving users access to commands via sudo to verify that the command does not inadvertently give the user an effective root shell. For information on ways to address this, please see the Preventing shell escapes section in sudoers(5).
To prevent the disclosure of potentially sensitive information, sudo disables core dumps by default while it is executing (they are re-enabled for the command that is run). This historical practice dates from a time when most operating systems allowed set-user-ID processes to dump core by default. To aid in debugging sudo crashes, you may wish to re-enable core dumps by setting 'disable_coredump' to false in the sudo.conf(5) file as follows:

    Set disable_coredump false

See the sudo.conf(5) manual for more information.