LinuxQuestions.org
Old 01-20-2010, 04:32 PM   #1
fw12
Member
 
Registered: Mar 2006
Distribution: Fedora core, Ubuntu
Posts: 175

Rep: Reputation: 31
remove suid, sgid bit


I've searched the forum, but nothing answers my question.
We know the security risk posed by suid, sgid.
I'm looking to remove the suid bits from all programs that do not absolutely need it.

This command:
find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
gave the list below.

For which of these programs can I safely remove the suid bit? I don't want to break my system by modifying a program that the system needs.

-r-sr-xr-x 1 bin 502172 Jan 10 12:36 /usr/local/bin/dccproc
-r-sr-xr-x 1 bin 186683 Jan 10 12:36 /usr/local/bin/cdcc
-r-s--x--x 1 root 23980 Nov 17 00:27 /usr/lib/virtualbox/VBoxNetDHCP
-r-s--x--x 1 root 9896 Nov 17 00:27 /usr/lib/virtualbox/VBoxNetAdpCtl
-r-s--x--x 1 root 23976 Nov 17 00:27 /usr/lib/virtualbox/VBoxSDL
-r-s--x--x 1 root 23980 Nov 17 00:27 /usr/lib/virtualbox/VBoxHeadless
-r-s--x--x 1 root 24108 Nov 17 00:27 /usr/lib/virtualbox/VirtualBox
-rwsr-x--- 1 squid 15448 Jan 20 2009 /usr/lib/squid/pam_auth
-rwsr-x--- 1 squid 17580 Jan 20 2009 /usr/lib/squid/ncsa_auth
-rwx--s--x 1 utmp 6652 Feb 26 2009 /usr/libexec/utempter/utempter
-rwsr-xr-x 1 root 176732 Dec 16 17:15 /usr/libexec/openssh/ssh-keysign
-rwxr-sr-x 1 lock 16616 Jan 9 2007 /usr/sbin/lockdev
-rws--x--x 1 root 32780 Feb 26 2009 /usr/sbin/userhelper
-rwsr-xr-x 1 root 6240 Jan 6 2007 /usr/sbin/ccreds_validate
-r-s--x--- 1 apache 11544 Sep 15 2008 /usr/sbin/suexec
-rwsr-xr-x 1 root 169760 Jan 12 16:22 /usr/kerberos/bin/ksu
---s--x--x 2 root 140808 Sep 19 19:02 /usr/bin/sudo
-rwxr-sr-x 1 mail 16020 Mar 29 2007 /usr/bin/lockfile
---s--x--x 1 root 34112 Sep 3 18:03 /usr/bin/staprun
---s--x--x 2 root 140808 Sep 19 19:02 /usr/bin/sudoedit
-rws--x--x 1 root 1890084 Jan 5 17:16 /usr/bin/Xorg
-rwsr-xr-x 1 root 43976 Jan 5 2007 /usr/bin/at
-rwxr-sr-x 1 nobody 88972 Dec 16 17:15 /usr/bin/ssh-agent
-rws--x--x 1 root 70900 Sep 3 07:30 /usr/bin/sperl5.8.8
-rwsr-xr-x 1 root 22984 Jan 6 2007 /usr/bin/passwd
-rwsr-sr-x 1 root 315416 Jan 5 16:59 /usr/bin/crontab
-rwx--s--x 1 slocate 23856 Sep 3 10:53 /usr/bin/locate
-rwsr-sr-x 1 qscand 113217 Jan 13 13:56 /var/qmail/bin/qmail-scanner-queue.pl
-rws--x--x 1 qmail 21048 Jan 7 15:30 /var/qmail/bin/qmail-queue
-r-sr-xr-x 1 bin 153546 Jan 10 12:36 /var/dcc/libexec/dccsight
-rwsr-x--- 1 dbus 45148 Jan 7 16:24 /lib/dbus-1/dbus-daemon-launch-helper
-rwsr-x--- 1 ecryptfs 12000 Sep 3 18:13 /sbin/mount.ecryptfs_private
-rwsr-xr-x 1 root 12248 Sep 3 15:51 /sbin/pam_timestamp_check
-rwsr-xr-x 1 root 19184 Sep 3 15:51 /sbin/unix_chkpwd
-rwsr-sr-x 1 root 81864 Nov 17 2006 /var/www/html/site/cgi-bin/vqadmin/vqadmin.cgi
-rwsr-sr-x 1 557 127196 Nov 17 2006 /var/www/html/site/cgi-bin/qmailadmin
-rwsr-xr-x 1 root 31244 Sep 26 12:34 /bin/ping6
-rwsr-xr-x 1 root 23960 Oct 26 19:12 /bin/su

Thank you.
 
Old 01-20-2010, 06:06 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,369

Rep: Reputation: 2753
I'm open to correction here, but IME distros do not put suid/sgid on a file/dir lightly.
Frankly, I'd leave well alone unless it's an amendment since the orig install.

rpm -Va

will check this on an RH/Fedora/CentOS system.

The only ones that look odd to me are /var/www... but I'll leave that to the experts.
 
Old 01-21-2010, 09:27 PM   #3
fw12
Member
 
Registered: Mar 2006
Distribution: Fedora core, Ubuntu
Posts: 175

Original Poster
Rep: Reputation: 31
Thanks for your response.

The /var/www ones are applications I installed.

So I guess I just need to keep an eye on further suid programs that show up beyond this list.
 
Old 01-22-2010, 12:58 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,369

Rep: Reputation: 2753
Yeah, that rpm cmd works on rpm based systems; shows you what is different now to installation settings; see man page. Very useful.
You can use http://www.cyberciti.biz/tips/reset-...ermission.html to revert to orig settings.
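
Added example (not code from anyone in this thread): one way to do what post #3 describes, recording the current setuid/setgid files as a baseline and later reporting anything new or changed, with the owning RPM package looked up as in post #2's approach. The function names and the baseline path /var/lib/suid.baseline are assumptions, and GNU find, stat and comm are assumed.

```shell
#!/bin/bash
# Added example: baseline and monitor setuid/setgid files.
# Assumes GNU find/stat/comm; names and the baseline path are illustrative.

# Print "octal-mode owner:group path" for every setuid or setgid regular
# file under the given root, sorted so two snapshots can be compared.
# -xdev keeps find on one filesystem (skips /proc, network mounts, etc.).
scan_suid() {
    find "$1" -xdev -type f \( -perm -04000 -o -perm -02000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# Print entries present now but absent from the saved baseline.
# A changed mode or owner also shows up, because whole lines are compared.
new_since_baseline() {
    baseline=$1 root=$2
    scan_suid "$root" | LC_ALL=C comm -13 "$baseline" -
}

# Append the owning RPM package to each "mode owner path" line read on
# stdin, or a marker when no package owns the file (e.g. hand-installed CGI).
annotate_pkg() {
    while read -r mode owner path; do
        pkg=$(rpm -qf "$path" 2>/dev/null) || pkg="(not owned by any package)"
        printf '%s %s %s  <- %s\n' "$mode" "$owner" "$path" "$pkg"
    done
}

# Usage: script baseline [root] [file]   or   script check [root] [file]
case "${1:-}" in
    baseline)
        scan_suid "${2:-/}" > "${3:-/var/lib/suid.baseline}" ;;
    check)
        if command -v rpm >/dev/null 2>&1; then
            new_since_baseline "${3:-/var/lib/suid.baseline}" "${2:-/}" | annotate_pkg
        else
            new_since_baseline "${3:-/var/lib/suid.baseline}" "${2:-/}"
        fi ;;
esac
```

Run it once with `baseline` on a system in a known state, then with `check` from cron; a line with no owning package, or with a mode that differs from the baseline, is the one to investigate first.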
 