setuid and setgid are short for "set user ID" and "set group ID". They let a user run a program as the user and group that own the executable, rather than as themselves. This lets the user temporarily have more privileges than they normally would. For example, if a program has the setuid bit set and is owned by root, it runs as root even when started by a normal user. This is essential for allowing non-staff users to run programs such as ping, because ping must send and listen for packets on a raw network socket. Normally only root has that access, but setuid allows any user to run ping.

As you can probably guess, this can be a massive security risk. If the setuid bit is set on a badly designed program, a user could exploit a bug in it to become root.

Here is a command to find every file that has the setuid bit set:

# find / -perm -4000

The files above are trusted and audited by the OpenBSD developers and part of the operating system.

WARNING: If you see any other binaries, then watch out! You may want to delete the packages that created those files, or delete the files themselves. These files may be a serious security risk to your server.
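Added example, not part of the original page: a small POSIX sh audit that turns the find command above into a repeatable check, comparing the current list of setuid files (extended here to setgid, mode bit 2000) against a saved baseline of trusted paths so that anything outside that set stands out. The sample tree, the "ping" baseline entry and the unlisted "rogue" file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit setuid/setgid files
# against a known-good baseline of trusted paths.

# list_privileged DIR: every regular file under DIR with the setuid (4000)
# or setgid (2000) bit set, sorted so it can be diffed against a baseline.
list_privileged() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# new_privileged DIR BASELINE: privileged files present now but absent from
# the (sorted) BASELINE file. Anything printed here deserves a closer look.
new_privileged() {
    list_privileged "$1" | comm -13 "$2" -
}

# make_sample_tree: build a constructed tree in a temp dir and print its path.
# bin/ping is setuid and listed in the baseline (the expected, trusted case);
# bin/rogue is setuid but not in the baseline; bin/ls has no special bits.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin"
    for f in ping rogue ls; do
        printf '#!/bin/sh\nexit 0\n' > "$dir/bin/$f"
        chmod 0755 "$dir/bin/$f"
    done
    chmod u+s "$dir/bin/ping" "$dir/bin/rogue"
    printf '%s\n' "$dir/bin/ping" | sort > "$dir/baseline"
    printf '%s\n' "$dir"
}

# Stand-alone run: only the unlisted setuid file (bin/rogue) is reported.
tree=$(make_sample_tree)
new_privileged "$tree/bin" "$tree/baseline"
rm -rf "$tree"
```

On a real system the baseline would be the output of list_privileged taken right after installation, stored somewhere the audited host cannot rewrite.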