If root owns a file, and that file has the setuid bit set, then when that file is executed it runs with the power of root, regardless of who runs it (review Chapter 8, "Working with Permissions and Ownership"). If a setuid root file has its permissions set so that anyone can execute it (known to programmers as world executable), then anyone on the system can run the file and perhaps use it to obtain root access.
Some world-executable commands are intentionally "setuid root" because they need to access parts of the system normally available only to root. The lsof program is one example. These programs are (hopefully) carefully written to prevent anyone from using them to create a new shell or to execute other commands.
You can use the find command to search your entire system for setuid root files.
As of Mac OS X version 10.4, there are dozens of world-executable setuid root programs on the system.
A good security practice would be to create a list of all the setuid root programs on your machine, save it somewhere safe (such as on a CD), and periodically compare the saved list with a newly generated version. If you found any new programs on the list, you would want to check with Apple to see if they were really supposed to be there.
This is obviously a time-consuming and annoying process, which is true of most security tasks.
To search for setuid root files:
The command will take a while to finish, since it has to look at every file on your system. You might want to pipe the results into e-mail and put it in the background by adding the following to the end of the command line:
mail youremailaddress &