3.5. Nice, what do all those capabilities mean?

Capabilities let you set system-wide permissions on which actions are allowed or disallowed. If you disable CAP_SETUID, then no program can change its UID. With LIDS you can enable or disable individual capabilities for specific programs. The function of each capability is described in /etc/lids/lids.cap, or in /path/to/lidstools/example/lids.cap if you haven't installed LIDS yet.
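One way to confirm that a capability such as CAP_SETUID really is gone for a process, as an added example (not part of this FAQ or of LIDS): decode the capability masks the kernel reports. It assumes a kernel that exposes the Cap* lines in /proc/<pid>/status; the status text below is constructed, the function names are hypothetical, and the names for bits 0-28 come from <linux/capability.h>.

```python
import re

# Capability numbers 0-28 in the order defined in <linux/capability.h>.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE",
]

# Constructed sample of /proc/<pid>/status: every capability 0-28 is set
# except bit 7 (CAP_SETUID).
SAMPLE_STATUS = (
    "Name:\texampled\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t000000001fffff7f\n"
    "CapEff:\t000000001fffff7f\n"
    "CapBnd:\t000000001fffff7f\n"
)

def parse_cap_field(status_text, field="CapBnd"):
    """Return one Cap* hex mask from /proc/<pid>/status text as an int."""
    m = re.search(rf"^{field}:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError(f"{field} line not found")
    return int(m.group(1), 16)

def caps_in_mask(mask):
    """Names of the capabilities whose bit is set in the mask."""
    return [n for bit, n in enumerate(CAP_NAMES) if (mask >> bit) & 1]

def caps_missing(mask):
    """Names of the capabilities whose bit is cleared in the mask."""
    return [n for bit, n in enumerate(CAP_NAMES) if not (mask >> bit) & 1]

if __name__ == "__main__":
    for field in ("CapEff", "CapBnd"):
        mask = parse_cap_field(SAMPLE_STATUS, field)
        print(f"{field}: 0x{mask:x} missing: {caps_missing(mask)}")
```

To inspect a live process, pass the contents of /proc/<pid>/status instead of SAMPLE_STATUS.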