setuid (SUID)

1. UNIX programs that can be run by a user, but which have root privileges.

Key point: In theory, setuid programs can only be installed by root, and they are considered part of the operating system, because they inherently bypass security checks and must verify security themselves. A typical example is the passwd command, which a user runs in order to change his/her password. It must be setuid because it changes files that only root has access to, yet it must be runnable by users.

Key point: In practice, setuid programs often have bugs that can be exploited by logged-in users.

Key point: As part of hardening a system, the administrator should scour the system and remove all unnecessary setuid programs.

Linux:
    find / -type f -perm /6000 -exec ls -l {} \;

Solaris:
    find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

In order to remove the suid bit, you can use the command chmod -s filename. Removing the suid bit will disable a lot of programs. Two programs that really need to have this bit turned on are /usr/bin/passwd, which users run to change their passwords, and /bin/su, which elevates a normal user to super user (when given the correct password).

Key point: Some programs are really setgid, which only changes the group context rather than the user context.

Key point: Windows doesn't have the concept of setuid. Instead, RPC is used, whereby client programs (run by users) contact server programs to carry out the desired task. For example, in order to change the password, the client program asks the SAM to do it on behalf of the user. Thus, whereas UNIX requires a myriad of client programs to verify credentials and be written securely, Windows only requires a few server programs to do the same.

Key point: A common way to backdoor a system is to place a SUID program in the /tmp directory.

From Hacking-Lexicon
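The hardening sweep described in this entry can be scripted so that each setuid/setgid file is sorted into expected, needs review, or sitting in a temporary directory. This is an added example, not part of the original entry; the function names and the ALLOWLIST and TMP_DIRS defaults are assumptions to adjust per host.

```shell
#!/bin/sh
# Added example: classify setuid/setgid files found under one or more roots.
# ALLOWLIST and TMP_DIRS are assumed defaults (one path per line, no spaces).
ALLOWLIST="/usr/bin/passwd
/bin/su"
TMP_DIRS="/tmp
/var/tmp"

# Print every regular file under the given roots with setuid or setgid set.
# This -perm form is the one the entry gives for Solaris; GNU find accepts it too.
list_special() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Classify one path:
#   SUSPECT  - lives in a temporary directory (the backdoor pattern noted above)
#   EXPECTED - on the allowlist of programs that need the bit
#   REVIEW   - anything else; candidate for chmod -s
classify() {
    for t in $TMP_DIRS; do
        case "$1" in "$t"/*) echo "SUSPECT $1"; return ;; esac
    done
    if printf '%s\n' "$ALLOWLIST" | grep -Fxq -- "$1"; then
        echo "EXPECTED $1"
    else
        echo "REVIEW $1"
    fi
}

# Audit the given roots and print one classified line per file found.
audit() {
    list_special "$@" | while IFS= read -r f; do classify "$f"; done
}
```

Source the file and run `audit /` as root so that unreadable directories are not silently skipped. Saving the output and diffing it against the previous run shows newly appeared setuid files.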