Cerca all'interno di tutto il file system i file o le directory che hanno impostato il bit setuserid o setgroupid, che permettono l'esecuzione di comandi con privilegi di root anche da parte di utenti normali e rappresentano un potenziale problema di sicurezza.
La quantità di simili file su un normale sistema Unix è notevole. Segue un esempio su una RedHat 8.0 con installazione di default.
[root@51 al]# find / \( -perm -04000 -o -perm -02000 \) -ls
289237 4 drwxr-sr-x 2 root ftp 4096 Jun 23 15:50 /var/ftp/pub
320100 40 -rwsr-xr-x 1 root root 37688 Aug 29 23:20 /usr/bin/chage
320102 36 -rwsr-xr-x 1 root root 35000 Aug 29 23:20 /usr/bin/gpasswd
320431 12 -r-xr-sr-x 1 root tty 10224 Jul 19 04:14 /usr/bin/wall
320527 20 -rws--x--x 1 root root 16835 Aug 30 22:00 /usr/bin/chfn
320528 16 -rws--x--x 1 root root 15664 Aug 30 22:00 /usr/bin/chsh
320546 8 -rws--x--x 1 root root 6999 Aug 30 22:00 /usr/bin/newgrp
320557 20 -rwxr-sr-x 1 root tty 18605 Aug 30 22:00 /usr/bin/write
320568 40 -rwsr-xr-x 1 root root 37140 Jul 25 04:45 /usr/bin/at
321011 16 -r-s--x--x 1 root root 15368 May 28 2002 /usr/bin/passwd
321016 20 -rwxr-sr-x 1 root mail 17477 Jun 24 01:09 /usr/bin/lockfile
321081 20 -rwsr-xr-x 1 root root 19131 Jun 24 02:05 /usr/bin/rcp
321083 16 -rwsr-xr-x 1 root root 15376 Jun 24 02:05 /usr/bin/rlogin
321084 12 -rwsr-xr-x 1 root root 10689 Jun 24 02:05 /usr/bin/rsh
321099 32 -rwxr-sr-x 1 root slocate 31661 Jun 24 02:22 /usr/bin/slocate
321103 88 ---s--x--x 1 root root 84984 Jun 28 01:57 /usr/bin/sudo
321122 36 -rwsr-xr-x 1 root root 34662 Jul 20 00:51 /usr/bin/crontab
321795 12 -rwsr-xr-x 1 root root 8345 Sep 5 15:19 /usr/bin/desktop-create-kmenu
321803 20 -rwsr-xr-x 1 root root 17743 Sep 5 14:06 /usr/bin/kcheckpass
321814 64 -rwxr-sr-x 1 root root 60955 Sep 5 14:33 /usr/bin/kdesud
244475 8 -rws--x--x 1 vcsa root 7491 Aug 23 21:32 /usr/lib/mc/bin/cons.saver
64012 8 -rwsr-xr-x 1 root root 5100 Sep 6 00:58 /usr/libexec/pt_chown
144607 164 -rws--x--x 1 root root 162476 Aug 14 06:08 /usr/libexec/openssh/ssh-keysign
96111 36 -rwsr-xr-x 1 root root 33071 Jun 23 20:14 /usr/sbin/ping6
96115 16 -rwsr-xr-x 1 root root 13718 Jun 23 20:14 /usr/sbin/traceroute6
96515 16 -rwxr-sr-x 1 root utmp 15570 Jun 24 03:00 /usr/sbin/utempter
96526 16 -rwsr-xr-x 1 root root 15502 Sep 4 19:23 /usr/sbin/usernetctl
96544 32 -rws--x--x 1 root root 29676 Sep 4 22:32 /usr/sbin/userhelper
96755 12 -rwsr-xr-x 1 root root 10205 Jul 1 19:27 /usr/sbin/userisdnctl
97243 16 -rwxr-sr-x 1 root utmp 13414 Aug 30 00:54 /usr/sbin/gnome-pty-helper
96932 16 -rwxr-sr-x 1 root lock 12325 Jun 23 22:26 /usr/sbin/lockdev
97254 744 -rwxr-sr-x 1 root smmsp 754801 Aug 29 21:38 /usr/sbin/sendmail.sendmail
97397 32 -rwsr-xr-x 1 root root 32076 Jun 24 02:41 /usr/sbin/traceroute
100260 20 -r-s--x--- 1 root apache 20469 Sep 4 23:23 /usr/sbin/suexec
100385 100 -rwxr-sr-x 1 root postdrop 95744 Jul 24 13:20 /usr/sbin/postdrop
100391 88 -rwxr-sr-x 1 root postdrop 84885 Jul 24 13:20 /usr/sbin/postqueue
98934 1844 -rws--x--x 1 root root 1884018 Sep 6 05:29 /usr/X11R6/bin/XFree86
160313 36 -rwsr-xr-x 1 root root 35302 Jun 23 20:14 /bin/ping
160390 88 -rwsr-xr-x 1 root root 81996 Aug 30 22:00 /bin/mount
160391 40 -rwsr-xr-x 1 root root 40700 Aug 30 22:00 /bin/umount
160416 20 -rwsr-xr-x 1 root root 19132 Aug 29 22:56 /bin/su
176244 8 -r-s--x--x 1 root root 7132 Aug 2 17:08 /sbin/pam_timestamp_check
176245 124 -r-sr-xr-x 1 root root 119592 Aug 2 17:08 /sbin/pwdb_chkpwd
176246 20 -r-sr-xr-x 1 root root 17180 Aug 2 17:08 /sbin/unix_chkpwd
176279 16 -rwxr-sr-x 1 root root 12578 Sep 4 19:23 /sbin/netreport
Procedure di login e logout. Root e altri utenti. Acceso remoto via telnet.
La logica della sicurezza sui sistemi Unix / LinuxUtenti e root, permessi, attributi, limiti: le proprietà di sicurezza dei sistemi Unix.