Monday, July 29, 2013

To View All SetUID Programs On A UNIX Machine

Allowing normal users to run programs with elevated permissions is dangerous.  
Therefore, any program that is SetUID, especially one that is SetUID root, must be set up carefully to ensure that a user cannot exploit it.  
Why? Because if the bad guys own an account on a system and can run SetUID programs, they can try to attack a SetUID program to gain increased privileges.

Those bad guys could try to provide bogus input to the SetUID program, or crash it, in an attempt to gain elevated privileges.  Because of this, SetUID programs must be carefully configured to minimize the access the program provides to the user.  

Moreover, system administrators should maintain a list of all SetUID programs on a machine.  Newly added or modified SetUID root programs could be an indication that an attacker is present on the machine and has configured a SetUID program as a quick way to jump to root.

To view all SetUID root programs on a UNIX machine, you can execute the following command as a root-level user:

root@ephraim:~# find / -uid 0 -perm -4000 -print

find: the name of the program.
/: start looking at the root directory and continue through subdirectories.
-uid 0: look for files owned by accounts with UID 0.
-perm -4000: look for files with the SetUID bit set.
-print: print the results on the screen.
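
One way to keep the list of SetUID programs recommended above and spot newly added or modified entries, as an added example that is not part of the original post: record a SHA-256 for each file the find command returns and compare it with a saved baseline. The function names, the baseline path and the use of sha256sum (GNU coreutils) are assumptions.

```shell
#!/bin/sh
# Added example: baseline and compare SetUID files (names are hypothetical).

# suid_snapshot DIR [UID]
# Print "sha256  path" for every regular SetUID file under DIR owned by UID
# (default 0, root). -xdev keeps find on one filesystem; run once per mount.
suid_snapshot() {
    find "$1" -xdev -type f -uid "${2:-0}" -perm -4000 \
        -exec sha256sum {} + 2>/dev/null | sort -k2
}

# suid_compare BASELINE CURRENT
# Report files that are new, gone, or whose contents changed since BASELINE.
# BASELINE and CURRENT must be two different snapshot files.
suid_compare() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }   # load the baseline
        !(path in base)     { print "ADDED " path; next }
        base[path] != hash  { print "MODIFIED " path }
        { seen[path] = 1 }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2"
}

# Typical use as root (the baseline path is an assumption):
#   suid_snapshot / > /root/suid.baseline           # on a known-good system
#   suid_snapshot / > /tmp/suid.now
#   suid_compare /root/suid.baseline /tmp/suid.now  # empty output = no change
```

Keep the baseline somewhere an attacker with root on the machine cannot rewrite it, such as read-only media or another host.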

