I think the point is that so what if you don't run these tools as root?
If a malicious actor compromises your normal user account, they can also compromise your configuration files and alias sudo or set up a keylogger or do all kinds of nasty stuff.
Going from standard user to root isn't much of a challenge for all but the most minimal infections in almost every standard setup for common Linux distributions.
Malicious hackers don't need anything other than your current user permissions anyway; your API/ssh keys/crypto wallets are all stored in your home directory or other places a malicious program can get access to.
There are exceptions, but I very much doubt that most people develop on QubesOS levels of Linux security.
There is no practical antivirus software on Linux that will catch anyone sophisticated enough to exploit tcpdump. You need a LOT of know-how to run a "safe" Linux system that you're more likely to learn as a sysadmin than as a developer. Security is hard, especially on the Linux desktop, and it will be as long as attempts to add it are met with responses like "they're trying to take our freedom away".
Common internet resources aren't much better ("just disable selinux") and current solutions for usability problems in this space (i.e. sandboxed applications not being able to access the directories you chose because they don't correspond to what the dev expected) aren't very great either.
I definitely think we should use the resources for secure desktop computing that we do have, which includes running tshark and friends at the lowest level of privilege possible, but I can definitely understand why people ask "why should I bother" when most of their setup runs at Windows XP levels of security out of the box.
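One concrete way to check the "lowest level of privilege possible" point for a capture tool, as an added example that is not from this thread: read the CapEff mask from /proc/&lt;pid&gt;/status and flag any capability beyond what live capture needs. The two status excerpts are constructed (a root-run tcpdump versus one started by a normal user from a binary given file capabilities with setcap), not taken from a real host.

```python
import re

# Capability bit numbers from linux/capability.h (a subset is named;
# any bit not listed is reported as cap_<bit>).
CAP_NAMES = {
    0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
    6: "cap_setgid", 7: "cap_setuid", 8: "cap_setpcap",
    10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw",
    16: "cap_sys_module", 17: "cap_sys_rawio", 19: "cap_sys_ptrace",
    21: "cap_sys_admin", 39: "cap_bpf",
}

# What a live capture actually needs: raw sockets, plus NET_ADMIN when
# the interface is put into promiscuous mode.
CAPTURE_ALLOWED = {"cap_net_raw", "cap_net_admin"}

def parse_capeff(status_text: str) -> int:
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if not m:
        raise ValueError("no CapEff line in status text")
    return int(m.group(1), 16)

def caps_from_mask(mask: int) -> set:
    """Expand a capability bitmask into a set of capability names."""
    return {CAP_NAMES.get(bit, f"cap_{bit}")
            for bit in range(mask.bit_length()) if (mask >> bit) & 1}

def audit_capture_process(status_text: str) -> dict:
    """Report held capabilities and the ones a capture tool does not need."""
    held = caps_from_mask(parse_capeff(status_text))
    return {"held": sorted(held),
            "excess": sorted(held - CAPTURE_ALLOWED),
            "least_privilege": held <= CAPTURE_ALLOWED}

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
# ROOT_STATUS: tcpdump run via sudo, full capability set on a 5.x kernel.
# SETCAP_STATUS: tcpdump run as uid 1000 from a binary prepared with
#   setcap cap_net_raw,cap_net_admin+eip /usr/bin/tcpdump
ROOT_STATUS = "Name:\ttcpdump\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SETCAP_STATUS = "Name:\ttcpdump\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000003000\n"

if __name__ == "__main__":
    for label, text in (("root", ROOT_STATUS), ("setcap", SETCAP_STATUS)):
        r = audit_capture_process(text)
        print(label, "least privilege:", r["least_privilege"], "excess:", r["excess"])
```

On a live system, feed it `open(f"/proc/{pid}/status").read()` for the capture process; the same check works for tshark's dumpcap helper.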
> Malicious hackers don't need anything other than your current user permissions anyway; your API/ssh keys/crypto wallets are all stored in your home directory or other places a malicious program can get access to.
I mean, are you really running tcpdump on your local computer? I imagine you would be running it on the server you are trying to debug. So the security setup would plausibly be a bit different than that.
But generally I agree. Good practice not to run things as root, especially this type of tooling, but it's not exactly putting your private key into a public git repo level of insecurity by any means.
> I mean, are you really running tcpdump on your local computer?
I did several times when I needed to debug or record some traffic because I couldn't figure out why some application wasn't communicating right. Wireshark quickly got overwhelmed with packets so I used tcpdump instead.
I'm most likely running tcpdump on (near) production servers because it's often a tool of last resort, but sometimes it's just the right tool for the job (or just as good a tool as the fancier ones, and why not stick to the universal solution?).