Toolkit programs are installed in /usr/local/bin with owner root and group root (chown root:root) and with read and execute permissions for owner, group and others (chmod 0555). This lets anyone execute these programs even though they are owned by user root.

Additionally, programs that send raw Ethernet frames are installed with seteuid owner (chmod 4555) so that they will execute with root user privileges, regardless of the user executing them. This lets any user send raw Ethernet frames but it also presents a security risk on the host computer. For example, program int6k is intended to read and write .nvm and .pib files but a malicious user could use it to overwrite other files normally protected by standard file permissions.

You can change the default file permissions by changing the -m 4555 option on the install command in various Makefiles. Be aware that doing so will restrict program access to the the root user.