INSTALL: --disable-intercept will also disable "log_subcmds"

INSTALL

@@ -382,18 +382,19 @@ Optional features:
 	using STREAMS.
 
   --enable-intercept[=PATH]
-        Enable support for the "intercept" functionality which allows
+        Enable support for the "intercept" functionality which
-        sudo to perform a policy check when a dynamically-linked
+        allows sudo to perform a policy check when a dynamically-linked
         program run by sudo attempts to execute another program.
-        For example, this means that for a shell run through sudo,
+        This is also used to support the "log_subcmds" sudoers
-        the individual commands run by the shell are also subject
+        setting.  For example, this means that for a shell run
-        to rules in the sudoers file.  Please see the "Preventing
+        through sudo, the individual commands run by the shell are
-        Shell Escapes" section in the sudoers man page for details.
+        also subject to rules in the sudoers file.  Please see the
-        If specified, PATH should be a fully qualified path name,
+        "Preventing Shell Escapes" section in the sudoers man page
-        e.g. /usr/local/libexec/sudo/sudo_noexec.so.  If PATH is
+        for details.  If specified, PATH should be a fully qualified
-        "no", intercept support will not be compiled in.  The default
+        path name, e.g.  /usr/local/libexec/sudo/sudo_intercept.so.
-        is to compile intercept support if libtool supports building
+        If PATH is "no", intercept support will not be compiled in.
-        shared objects on your system.
+        The default is to compile intercept support if libtool
+        supports building shared objects on your system.
 
   --with-noexec[=PATH]
 	Enable support for the "noexec" functionality which prevents