program can get root permission in sudo time

Thanks for taking the time to report this bug and helping to make Ubuntu better. This is not a bug, but rather expected behavior:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Sudo

Please feel free to report any other bugs you may find.

then design/behavior itself is bug, or with other words, decision that this is not bug is buggy. and, if this bug cannot be fixed, at least you should fix documentation, warn that if user uses many scripts and programs which content he cannot check, and time-to-time he runs sudo command, then any of that programs has ability to gain root privilegy that mean it can change all system.

i wanted to say it can change whole system. my english is bad. and i meant if he runs many programs that he cannot check and which he cannot trust.

as i know and understand sudo session can be killed, and something like "channel" of sending commands, called pts0 or pts1 etc can be gained, and sudo session will be still not closed in it. is not it possible to make that it closes that session before it is killed?

and as i know su command that is used instead of sudo in linux distributions like fedora does not have this disadvantage. is it so? maybe because when pts or something is killed su session is closed..

and if su does not have that disadvantage, you also should fix documentation, i mean the explanation of sudo somewhere that said that sudo is more secure than su and/or root session.