Wireshark-dev: Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 16 Aug 2007 10:51:25 -0400
Thomas Anders wrote:
Richard van der Hoff wrote:
Personally, I'd much prefer a popup that I can dismiss than wireshark meddling with my users/groups and dropping privileges.

Is there any good example of another *user application* dropping
privileges as proposed by Gerald? After all, Wireshark isn't a system
daemon like OpenSSH's sshd or Postfix where a dedicated "low privilege"
user makes perfect sense, of course.

Is there another example of a program as big as Wireshark that has to (used to have to) be run as root [to do its work "live"]? And whose entire purpose is to capture stuff off (potentially malicious) networks?