How does the use_pty sudoers option prevent a persistence attack?
8 votes | 1 answer | 4994 views
As a rule in the Debian 10 hardening guide, and various other audit guides of the Center for Internet Security (CIS), setting the `use_pty` sudoers option is recommended for the following rationale:
> Attackers can run a malicious program using sudo which would fork a background process that remains even when the main program has finished executing.
In the sudoers man page, it is described that running a background process that retains access to the user's terminal after the main process has finished executing is no longer possible when the commands are run in a separate pseudo-terminal.
I don't really grasp the nuance here.
What does it mean to run the sudo command in a *separate pseudo-terminal*, and why is the background process attack no longer possible when this flag is set?
What other ramifications does setting `use_pty` have?
Thank you!
Asked by Flo (83 rep), Nov 17, 2022, 12:40 PM
Last activity: May 22, 2024, 12:19 AM
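A CIS-style audit of the setting described in the question, as an added example that is not part of the question or of any answer: it reports whether a set of sudoers files ends up with `use_pty` enabled. It assumes the files to inspect are passed as arguments and looks only at global `Defaults` lines (the `Defaults:user` / `Defaults@host` forms and `@include` directives are out of scope), and, as sudo does, lets a later `use_pty` / `!use_pty` entry override an earlier one.

```shell
#!/bin/sh
# Added audit helper (not from the question or from CIS): report whether the
# given sudoers files enable use_pty, the option the CIS benchmark asks for.
# Assumptions: only global "Defaults" lines are considered; a later
# use_pty / !use_pty entry overrides an earlier one, as in sudo itself.

# Exit 0 if use_pty is enabled after processing all given files, 1 otherwise.
sudoers_use_pty() {
    awk '
        /^[ \t]*#/ { next }                      # comment line, ignore
        /^[ \t]*Defaults[ \t]/ {
            sub(/^[ \t]*Defaults[ \t]+/, "")    # keep only the option list
            n = split($0, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", o)  # trim surrounding blanks
                if (o == "use_pty")  enabled = 1
                if (o == "!use_pty") enabled = 0
            }
        }
        END { exit enabled ? 0 : 1 }
    ' "$@"
}

# Constructed sample files standing in for /etc/sudoers and a drop-in.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sudoers" <<'EOF'
# Defaults use_pty          (commented out, must not count)
Defaults env_reset, use_pty, log_input
root ALL=(ALL:ALL) ALL
EOF
cat > "$tmp/dropin_disable" <<'EOF'
Defaults !use_pty
EOF

if sudoers_use_pty "$tmp/sudoers"; then
    echo "use_pty enabled: sudo commands run in their own pseudo-terminal"
else
    echo "use_pty NOT enabled: add 'Defaults use_pty' with visudo"
fi
# A later drop-in that negates the option wins, so the combined check fails.
sudoers_use_pty "$tmp/sudoers" "$tmp/dropin_disable" \
    || echo "drop-in turned use_pty back off"
```

On a real host, run it against /etc/sudoers and /etc/sudoers.d/* in the same order sudo reads them, or compare with the `Defaults` entries `sudo -l` prints for the user.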