sudo uses PAM incorrectly: it calls pam_open_session() immediately followed by pam_close_session() and only then exec()s the actual process. pam_close_session() must be closed after the process terminates again, not before. This issue confused a number of PAM modules quite a bit. login(1) does that correctly. After calling pam_open_session() it forks, and then in the parent process waits for the child to terminate and then calls pam_close_session(). http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=blob;f=login-utils/login.c;h=1550388c4574207857ae6843041eeff3cba52d39;hb=HEAD#l1166 sudo must follow the same scheme.
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=421
sudo(8) does not fork(), it calls exec() only. This is feature... It's necessary to start PAM session, because some resources are defined/restricted during session initialization (e.g. pam_limit). For more details see bug #154511.
Upstream fix: http://www.sudo.ws/repos/sudo/rev/fb3d7de50a05
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle. Changing version to '14'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
sudo-1.7.4p4-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/sudo-1.7.4p4-1.fc14
sudo-1.7.4p4-1.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update sudo'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/sudo-1.7.4p4-1.fc14
sudo-1.7.4p4-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.