Find files with setuid or setgid
setuid and setgid permissions are very useful; however, they can be used to attack a system. Only files that absolutely need these permissions should have them set. There is an easy way to find all files on your computer that have these permissions set. You can then verify whether these files need the permissions or not.
You can see our Intro to setuid and setgid if you are unsure what they are.
find / -type f -perm /6000
The previous command will list all files on your computer that have either setuid or setgid set. Your system will have some files with these permissions that actually need them. You should review the list online to make sure any file that has the permissions needs them.
setuid/setgid on world writable files
You should never have any files that have either setuid or setgid set and are writable by other/world. An anonymous user could edit the file and execute it as the owner and essentially make the file do whatever he/she wants.
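You can find files with these permissions with the following command. It searches from the current directory (.), so run it from / or replace . with / to cover the whole system.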
find . -type f -perm /6000 -a -perm -0002
The previous command should not list any files. If it does, remove some permissions (either the world writable permission or both setuid and setgid) from the found files and investigate where they came from. It is very likely a file that should not be on your computer.
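Both checks above can be combined into one repeatable audit. The script below is an added example, not part of the original page: the function name suid_audit, its output labels and the baseline file (one already-reviewed path per line) are assumptions made for illustration. It uses the same GNU find tests as the commands above.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a reviewed baseline.
# suid_audit, the output labels and the baseline format are hypothetical.
#
# Usage: suid_audit ROOT BASELINE
#   ROOT      directory to search (use / for the whole system)
#   BASELINE  text file, one already-reviewed path per line
# Prints one line per finding: LABEL MODE OWNER PATH
#   WORLD-WRITABLE  setuid/setgid file that is also writable by other
#   UNREVIEWED      setuid/setgid file that is not in the baseline
# Returns 1 if any WORLD-WRITABLE file was found, otherwise 0.
# Paths containing newlines are not handled.
suid_audit() {
    root=$1 baseline=$2 found_ww=0
    list=$(mktemp) || return 2

    # -perm /6000 matches setuid OR setgid, as in the first command above.
    # -xdev keeps find on one filesystem, so /proc and remote mounts are skipped.
    find "$root" -xdev -type f -perm /6000 -print 2>/dev/null | sort > "$list"

    while IFS= read -r f; do
        # Symbolic mode and owner, taken from POSIX ls -ld output.
        info=$(ls -ld "$f" | awk '{print $1, $3}')
        # -perm -0002 is the world-writable test from the second command.
        if [ -n "$(find "$f" -prune -perm -0002)" ]; then
            echo "WORLD-WRITABLE $info $f"
            found_ww=1
        elif ! grep -Fxq -- "$f" "$baseline"; then
            echo "UNREVIEWED $info $f"
        fi
    done < "$list"

    rm -f "$list"
    return "$found_ww"
}
```

Run it as root for a whole-system audit, because errors from directories find cannot read are discarded. Once a file has been verified, add its path to the baseline so that later runs only report new setuid/setgid files.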



