Restricting setuid Executable Files
Executable files can be security risks. A few executable programs still have to be run as root to work properly. These setuid programs run with the user ID set to 0. Anyone who is running these programs runs the programs with the root ID. A program that runs with the root ID creates a potential security problem if the program was not written with security in mind.
Except for the executables that Oracle Solaris provides with the setuid bit set to root, you should disallow the use of setuid programs. If you cannot disallow the use of setuid programs, then you must restrict their use. Secure administration requires few setuid programs.
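One way to check a system against that policy is to inventory setuid files and compare them with an approved baseline. The following is an added example, not taken from the Oracle documentation; the function name audit_setuid, the one-path-per-line allowlist format, and the allowlist path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation).
# audit_setuid DIR ALLOWLIST [OWNER]
#   DIR        directory tree to scan
#   ALLOWLIST  file of approved absolute paths, one per line (assumed format)
#   OWNER      user name or numeric ID that owns the files (default: root)
# Prints each setuid file that is not on the allowlist and returns 1 if any
# exist, 0 if every setuid file found is approved, 2 if the allowlist is
# unreadable. Limitation: paths that contain newlines are not handled.
audit_setuid() {
    as_dir=$1
    as_allow=$2
    as_owner=${3:-root}

    # Fail closed: without a baseline, nothing can be reported as approved.
    if [ ! -r "$as_allow" ]; then
        echo "audit_setuid: cannot read allowlist: $as_allow" >&2
        return 2
    fi

    # -perm -4000 matches any mode that has the setuid bit set;
    # -xdev keeps the scan on the file system that holds DIR.
    as_found=$(find "$as_dir" -xdev -type f -user "$as_owner" -perm -4000 \
        -print 2>/dev/null | sort)

    # Drop exact matches against the allowlist (-F fixed strings, -x whole
    # line). "|| true" keeps "set -e" callers alive when nothing is left.
    as_bad=$(printf '%s\n' "$as_found" | grep -Fxv -f "$as_allow" || true)

    if [ -n "$as_bad" ]; then
        printf '%s\n' "$as_bad"
        return 1
    fi
    return 0
}

# Typical use as root (the allowlist path is hypothetical):
#   audit_setuid / /etc/security/setuid.allow || echo "review the files listed"
```

Build the allowlist from a freshly installed system so that it contains only the setuid executables the operating system ships, then run the check on a schedule and investigate anything it prints.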
For more information, see Protecting Executable Files From Compromising Security in Securing Files and Verifying File Integrity in Oracle Solaris 11.4. For procedures, see Protecting Against Programs With Security Risk in Securing Files and Verifying File Integrity in Oracle Solaris 11.4.