This check reports files that have been assigned the setuid attribute and are executable. Anyone running a setuid file is temporarily assigned the user ID of the file. While many system files depend on this attribute for proper operation, security problems can result if setuid is assigned to programs that allow reading and writing of files or escapes to shell. The executable status of files is determined using the UNIX file command. Enter full path names and wildcard characters in the file list to specify files and directories to be excluded from the check. For example, you would enter /etc/* to exclude all files in the /etc directory. ESM recognizes two types of executable files: binaries and scripts. To exclude one or the other, add BINARY or SCRIPT to the exclude name list. Files excluded by executable type will be reported by the Setuid Files check, if it is enabled.
The following table lists the error message for the check.
Table: Error message for Setuid executable files