Setuid executable files (UNIX)

Module: File Find

This check reports files that have the setuid attribute set and are executable. Anyone running a setuid file temporarily takes on the user ID of the file's owner. While many system files depend on this attribute for proper operation, security problems can result if setuid is assigned to programs that allow reading and writing of files or escapes to a shell. The executable status of files is determined using the UNIX file command. Enter full path names and wildcard characters in the file list to specify files and directories to exclude from the check. For example, enter /etc/* to exclude all files in the /etc directory. ESM recognizes two types of executable files: binaries and scripts. To exclude one or the other, add BINARY or SCRIPT to the exclude name list. Files excluded by executable type are still reported by the Setuid Files check, if that check is enabled.
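As an added illustration (not ESM's own code), the following Python script applies the rules the check describes: walk a tree, keep regular files carrying both a setuid bit and an execute bit, drop paths matching the exclude globs, classify each remaining file as BINARY or SCRIPT, and honour the BINARY/SCRIPT keywords in the exclude list. It substitutes a magic-byte check for the UNIX file command that the real check runs, and the sample tree it scans is constructed under a temporary directory.

```python
import fnmatch
import os
import stat
import tempfile

def classify(path):
    # Stand-in for the UNIX file command: ELF image -> BINARY, '#!' script -> SCRIPT
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == b"\x7fELF":
        return "BINARY"
    return "SCRIPT" if head[:2] == b"#!" else None  # None: not an executable

def setuid_executables(root, excludes=()):
    # (path, type) for regular files that are setuid and executable, minus the
    # exclude list: path globs plus the BINARY / SCRIPT type keywords
    type_excludes = {e for e in excludes if e in ("BINARY", "SCRIPT")}
    path_excludes = [e for e in excludes if e not in type_excludes]
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
                continue
            if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                continue  # setuid but not executable: left to the Setuid Files check
            if any(fnmatch.fnmatch(path, pat) for pat in path_excludes):
                continue
            kind = classify(path)
            if kind is not None and kind not in type_excludes:
                findings.append((path, kind))
    return sorted(findings)

def demo(extra_excludes=()):
    # Constructed sample tree (ELF magic / '#!' stand in for real programs), scanned with etc/* excluded
    root = tempfile.mkdtemp(prefix="setuid_demo_")
    samples = {
        "bin/suidbin": (b"\x7fELF" + b"\0" * 12, 0o4755),  # reported as BINARY
        "bin/helper.sh": (b"#!/bin/sh\nexit 0\n", 0o4755),  # reported as SCRIPT
        "etc/legacy": (b"\x7fELF" + b"\0" * 12, 0o4755),    # excluded by the etc/* glob
        "lib/nosuid": (b"\x7fELF" + b"\0" * 12, 0o755),     # executable but not setuid
    }
    for rel, (content, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)
    excludes = [os.path.join(root, "etc", "*")] + list(extra_excludes)
    return [(os.path.relpath(p, root), k) for p, k in setuid_executables(root, excludes)]
```

Calling demo() reports the setuid binary and the setuid script; demo(["SCRIPT"]) drops the script, mirroring the SCRIPT keyword in the exclude name list.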

The following table lists the error message for the check.

Table: Error message for Setuid executable files

Message String ID and Category
  String ID: STKU_SETUID_EXEC
  Category: System Information

Platform and Message Numeric ID
  UNIX (5653)

Message Title and Description
  Title: File is setuid and executable
  Description: The listed files have been assigned the setuid attribute and are executable. Setuid means that anyone running these files is temporarily assigned the user ID of the file. While many system files depend on this attribute for proper operation, security problems can result if setuid is assigned to programs that allow reading and writing of files or escapes to shell. You should examine the listed files for such attributes and use the chmod command to change file setuid properties where appropriate. The executable status of these files was determined using the UNIX file command. The output of this command is shown in the information field.

Additional Information
  Severity: red-4
  Correctable: false
  Snapshot Updatable: false
  Template Updatable: false
  Information Field Format: [%s]