The patch for tethereal(1) is at
http://www.linbsd.org/setuid_tethereal.patch

This only works for capture mode. It takes an extra -u option for the
user. So create user _ethereal then run
tethereal -Nn -tad -u _ethereal -w foo
or decode the output. Either way this should remove the issue of root.
Same can be applied to ethereal for capture.
Every other condition of just reading traces files should not be done as
root.

I use OpenBSD because on the misc@ and tech@ mailing lists I get to see
more *'s-holes than a Turkish Customs Agent. -Ober

On Thu, 8 Sep 2005, Bruno Rohee wrote:

> On Thu, Sep 08, 2005 at 03:10:41PM +0200, Sebastian .Rother wrote:
>>>
>>> surely, but has security improved? does it have privsep? until that
>>> has changed, ethereal will not come back. sorry.
>>>
>>> jakob
>>
>>
>> Then drop all ports!
>> Has Gnome Priv-Sep? hydra? nmap? KDE? xpdf? XMMS? mplayer?
>
> No one remotely sane run those as root. Another uninformed post of yours.
>
> Capturing traffic by some other mean then analysing it with Ethereal
> under an unprivileged account might be safe, actually capturing an analysing
> traffic with Ethereal is definitely not, given its architecture and
> history of sloppy coding...