Securing Systems and Attached Devices in Oracle® Solaris 11.2

Updated: September 2014

Restricting setuid Executable Files

Executable files can be security risks. A few executable programs still have to be run as root to work properly. These setuid programs run with the user ID set to 0, so anyone who runs one of these programs runs it with the root ID. A program that runs with the root ID creates a potential security problem if the program was not written with security in mind.

Except for the executables that Oracle Solaris provides with the setuid bit set to root, you should disallow the use of setuid programs. If you cannot disallow the use of setuid programs, then you must restrict their use. Secure administration requires few setuid programs.

For more information, see Protecting Executable Files From Compromising Security in Securing Files and Verifying File Integrity in Oracle Solaris 11.2. For procedures, see Protecting Against Programs With Security Risk in Securing Files and Verifying File Integrity in Oracle Solaris 11.2.
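
One way to check the restriction described above, as an added example that is not part of the Oracle documentation: the function lists setuid files owned by root that are absent from an approved list. The function name, the approved-list format (one absolute path per line) and the optional owner argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code.
# audit_setuid DIR APPROVED_LIST [OWNER]
#   DIR            directory tree to scan
#   APPROVED_LIST  file with one approved absolute path per line (assumed format)
#   OWNER          user name or numeric ID of the file owner (default: root)
# Prints every setuid file under DIR owned by OWNER that is not on the list.
# Returns 0 when nothing unapproved is found, 1 when something is,
# and 2 when the arguments are unusable.
audit_setuid() {
    dir=$1
    approved=$2
    owner=${3:-root}

    if [ ! -d "$dir" ] || [ ! -r "$approved" ]; then
        echo "usage: audit_setuid DIR APPROVED_LIST [OWNER]" >&2
        return 2
    fi

    # -perm -4000 matches any regular file whose setuid bit is set,
    # regardless of the remaining mode bits.
    unapproved=$(
        find "$dir" -type f -user "$owner" -perm -4000 -print 2>/dev/null |
        while IFS= read -r path; do
            # -F fixed string, -x whole-line match, -q quiet:
            # the path counts as approved only on an exact match.
            grep -Fxq -- "$path" "$approved" || printf '%s\n' "$path"
        done
    )

    if [ -z "$unapproved" ]; then
        return 0
    fi
    printf '%s\n' "$unapproved"
    return 1
}

# Typical call (the list path is a hypothetical location):
#   audit_setuid /usr /var/tmp/setuid.approved
```

Paths that contain newline characters are not handled, because the scan reads one path per line.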