# SetUID

setuid and setgid are short for "set user ID" and "set group ID". It allows users to run a program with the same user and group as the owner and group of the executable. This lets the user temporarily have more privileges than he normally would. For example, if a program has the setuid flag set and is owned by root, the program will have the user root when executed by a normal user. This is essential for allowing non-staff users to run programs such as ping, because ping must send and listen to packets on a network interface. Normally, only root would have access to the network interface, but setuid allows any user to run ping.

As you can probably guess, this could be a massive security risk. If the setuid is set for a badly designed program, a user could exploit a bug to become root.

Here is a command to detect any files that have the setuid flag:

    # find / -perm -4000
    /usr/bin/chfn
    /usr/bin/chpass
    /usr/bin/chsh
    /usr/bin/doas
    /usr/bin/lpr
    /usr/bin/lprm
    /usr/bin/passwd
    /usr/bin/su
    /usr/libexec/auth/login_chpass
    /usr/libexec/auth/login_lchpass
    /usr/libexec/auth/login_passwd
    /usr/libexec/lockspool
    /usr/libexec/ssh-keysign
    /usr/sbin/authpf
    /usr/sbin/authpf-noip
    /usr/sbin/pppd
    /usr/sbin/traceroute
    /usr/sbin/traceroute6
    /sbin/ping
    /sbin/ping6
    /sbin/shutdown


The files above are trusted and audited by the OpenBSD developers and part of the operating system.

**WARNING**: If you see any other binaries, then watch out# You may want to delete packages that created those files, or delete the files themselves. These files may be a serious security risk to your server.