Information
The owner of a file can set the file's permissions to run with the owner's or group's permissions, even if the user running the program is not the owner or a member of the group. The most common reason for a SUID program is to enable users to perform functions (such as changing their password) that require root privileges.
Rationale:
There are valid reasons for SUID programs, but it is important to identify and review such programs to ensure they are legitimate.
Solution
Ensure that no rogue set-UID programs have been introduced into the system. Review the files returned by the action in the Audit section and confirm the the integrity of these binaries as described below:
Example:
# rpm -V 'rpm -qf /usr/bin/sudo'
.......T /usr/bin/sudo
SM5....T /usr/bin/sudoedit
Default Value:
OS Default: N/A