runs. If a
user runs a command such as ‘sudo su’ or ‘sudo sh’, subsequent commands
run from that shell are not subject to sudo’s security policy. The same
is true for commands that offer shell escapes (including most editors).
If I/O logging is enabled, subsequent commands will have their input
and/or output logged, but there will not be traditional logs for those
commands. Because of this, care must be taken when giving users access
to commands via sudo to verify that the command does not inadvertently
give the user an effective root shell. For information on ways to
address this, see the Preventing shell escapes section in sudoers(5).
To prevent the disclosure of potentially sensitive information, sudo
disables core dumps by default while it is executing (they are
re-enabled for the command that is run). This historical practice dates
from a time when most operating systems allowed set-user-ID processes to
dump core by default. To aid in debugging sudo crashes, you may wish to
re-enable core dumps by setting “disable_coredump” to false in the
sudo.conf(5) file as follows:

    Set disable_coredump false

See the sudo.conf(5) manual for more information.
ENVIRONMENT
sudo utilizes the following environment variables. The security policy
has control over the actual content of the command’s environment.
EDITOR        Default editor to use in -e (sudoedit) mode if neither
              SUDO_EDITOR nor VISUAL is set.
MAIL          Set to the mail spool of the target user when the -i
              option is specified, or when env_reset is enabled in
              sudoers (unless MAIL is present in the env_keep list).
HOME          Set to the home directory of the target user when the
              -i or -H options are specified, when the -s option is
              specified and set_home is set in sudoers, when
              always_set_home is enabled in sudoers, or when
              env_reset is enabled in sudoers and HOME is not present
              in the env_keep list.
LOGNAME       Set to the login name of the target user when the -i
              option is specified, when the set_logname option is
              enabled in sudoers, or when the env_reset option is
              enabled in sudoers (unless LOGNAME is present in the
              env_keep list).
PATH          May be overridden by the security policy.
SHELL         Used to determine the shell to run with the -s option.
SUDO_ASKPASS  Specifies the path to a helper program used to read the
              password if no terminal is available or if the -A
              option is specified.
SUDO_COMMAND  Set to the command run by sudo, including any args. The
              args are truncated at 4096 characters to prevent a
              potential execution error.
SUDO_EDITOR   Default editor to use in -e (sudoedit) mode.
SUDO_GID      Set to the group-ID of the user who invoked sudo.
SUDO_PROMPT   Used as the default password prompt unless the -p
              option was specified.
SUDO_PS1      If set, PS1 will be set to its value for the program
              being run.
SUDO_UID      Set to the user-ID of the user who invoked sudo.
SUDO_USER     Set to the login name of the user who invoked sudo.
USER          Set to the same value as LOGNAME, described above.
VISUAL        Default editor to use in -e (sudoedit) mode if
              SUDO_EDITOR is not set.
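As an added example, not taken from the sudo manual or the sudo sources, the POSIX shell script below shows how a command run under sudo should use the variables above to identify the invoking user: after env_reset, USER, LOGNAME and HOME describe the target user, so a script that audits "$USER" would attribute every action to root. The audit line format and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not part of the sudo manual): a script meant to be run via
# sudo that records the real invoker from the SUDO_* variables rather than
# from USER/LOGNAME, which name the target user once env_reset applies.

# Build one audit line from the SUDO_* environment. Any variable sudo did
# not set (script run directly, or the policy stripped it) becomes
# "unknown" instead of silently falling back to a misleading value.
# The body is a subshell so the temporaries do not leak into the caller.
sudo_audit_line() (
    invoker="${SUDO_USER:-unknown}"
    invoker_uid="${SUDO_UID:-unknown}"
    invoker_gid="${SUDO_GID:-unknown}"
    # SUDO_COMMAND is the command plus its args as the policy authorised
    # it (args are truncated at 4096 characters, per the manual).
    cmd="${SUDO_COMMAND:-unknown}"
    # LOGNAME is the target user under sudo; fall back to id(1) otherwise.
    target="${LOGNAME:-$(id -un)}"
    printf 'invoker=%s uid=%s gid=%s target=%s command=%s\n' \
        "$invoker" "$invoker_uid" "$invoker_gid" "$target" "$cmd"
)

# True when SUDO_UID is present and numeric. Caveat: a user can export
# SUDO_UID and run the script directly, so this only says how the script
# was probably started; whether it actually holds the privileges it needs
# must still be checked against the effective uid (id -u).
invoked_via_sudo() {
    case "${SUDO_UID:-}" in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# True when the invoker was already root (SUDO_UID=0), e.g. root running
# sudo itself; in that case SUDO_USER adds little to an audit trail.
invoker_was_root() {
    [ "${SUDO_UID:-}" = "0" ]
}

# Usage: emit the audit line only when started through sudo.
if invoked_via_sudo; then
    sudo_audit_line
fi
```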
FILES