Source: tcpdump
Version: 4.9.2-3
Severity: wishlist

Hi,

tcpdump is apparently able to drop its root privileges to run as an unprivileged user. In RHEL they are passing "--with-user=tcpdump" to the configure.

It's important to note that the files written by tcpdump will also be owned by the "tcpdump" user.

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

