On Sun, 19 Mar 2006, eric wrote:

> On Sun, 2006-03-19 at 20:18:11 +0300, Alex B proclaimed...
> 
> > Hello.
> > 
> > Yes, I'm certain. It is the first check after start. So, it doesn't
> > depend on my command line.
> > 
> > Take a look at "Privilege separation",
> > http://undeadly.org/cgi?action=article&sid=20040220120426
> > 
> 
> It worked till 3.7.
> 
> $ id
> uid=1002(eric) gid=20(staff) groups=20(staff), 0(wheel), 
> 
> $ tcpdump -nr foo.cap | wc -l
>      124
> 
> $ uname -a
> OpenBSD foo 3.7 GENERIC#50 i386

This has been changed for a good reason.

To provide maximum protection, the unprivileged process of tcpdump
needs to run in a chroot. To be able to chroot, it needs root.

Many people believe reading a packet dump is less dangerous than
reading from a network interface. This is a myth.

        -Otto
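
The ordering described in the reply above (root is needed only long enough to call chroot, after which the process gives it up for good), as an added C example that is not tcpdump's code and not part of the original message. The function names, the `/var/empty` jail directory and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Confine the calling process: chroot to dir, then give up root for good.
 * Returns 0 on success, -1 with errno set on failure. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (chroot(dir) == -1)            /* EPERM unless the caller is root */
        return -1;
    if (chdir("/") == -1)             /* do not keep a cwd outside the jail */
        return -1;
    if (setgroups(1, &gid) == -1)     /* drop supplementary groups (wheel etc.) */
        return -1;
    if (setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    if (setuid(0) != -1) {            /* regaining root must be impossible */
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Run jail_and_drop() in a child so the caller itself is not confined.
 * Returns 0 if the child was confined, otherwise the child's errno. */
int try_jail_in_child(const char *dir, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return errno;
    if (pid == 0)
        _exit(jail_and_drop(dir, uid, gid) == 0 ? 0 : errno);
    if (waitpid(pid, &status, 0) == -1)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Hypothetical jail directory and unprivileged ids. */
    int rc = try_jail_in_child("/var/empty", 65534, 65534);
    printf("euid=%d result=%d (%s)\n", (int)geteuid(), rc,
           rc == 0 ? "confined" : "not confined");
    return 0;
}
```

Run as an ordinary user, the child fails at the chroot step, which is why a program that confines itself this way has to be started as root even when it only reads a capture file.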