The line:

<EMERG> unauthorized gid 0 [1] root

...does not mean that the user 'root' has an unauthorized
GID of 0 but, that a member of the group 'root' has an
unauthorized gid of 0.

When sas gives a WARN or EMERG output that you don't think
is important you should manually check the files involved.
It is recommended that you do not use the username-only
option ('-u'), as this may confuse the output.

Using the system calls, via the option '-s', will not
detect all possible errors.

The sas programmers make no claims as to the security of
the sas code.  The sas code uses certain library functions
that may be exploitable for buffer overflows.

Be warned that sas directly opens the password and group
files and an inopportune system crash may leave these files
corrupted.  It is recommended that you backup the password
and group files to a new location before a sas scan.

Remember, their is nothing more sane than checking the
password and group files manually.
