# security question about suid program in /usr/libexec

## fpemud

I found there're some suid programs in /usr/libexec:

```
[fpemud@fpemud-workstation ~]$ find /usr/libexec -perm +4000

/usr/libexec/pulse/proximity-helper

/usr/libexec/dbus-daemon-launch-helper

/usr/libexec/spice-client-glib-usb-acl-helper

```

After some learning I know they are assistant program and should not be called by user directly.

But how does linux prevent a malicious user do that?

Is there some check in these program?

----------

## Ant P.

You could read the source to find out, or just look at their actual permissions and see that they're limited to being run by specific user groups.

----------

