Note the existence, in at least some Linux kernels, of capability bits
that could, in theory, let non-root users capture packets, if there were
userland support for giving particular accounts capability bits and
having them set on their login processes when they log in.
Note that Mac OS X is like the other BSDs, in that all you need in order
to capture is read access on the BPF devices. Note also that on BSDs
with a devfs (which includes Mac OS X), giving a user that access isn't
as easy as running "chown" or "chmod" once.
projects / tcpdump / commit
