diff -ur tcpdump-2004.01.21.droproot/acconfig.h tcpdump-2004.01.21.dropbydefault/acconfig.h --- tcpdump-2004.01.21.droproot/acconfig.h Wed Nov 19 01:09:42 2003 +++ tcpdump-2004.01.21.dropbydefault/acconfig.h Wed Jan 21 19:43:24 2004 @@ -126,3 +126,6 @@ /* Define if you have a dnet_htoa declaration in . */ #undef HAVE_NETDNET_DNETDB_H_DNET_HTOA + +/* define if should drop privileges by default */ +#undef WITH_USER diff -ur tcpdump-2004.01.21.droproot/configure.in tcpdump-2004.01.21.dropbydefault/configure.in --- tcpdump-2004.01.21.droproot/configure.in Thu Jan 15 21:53:48 2004 +++ tcpdump-2004.01.21.dropbydefault/configure.in Wed Jan 21 19:43:24 2004 @@ -102,6 +102,15 @@ ;; esac +AC_ARG_WITH(user, [ --with-user=USERNAME drop privileges by default to USERNAME]) +AC_MSG_CHECKING([whether to drop root privileges by default]) +if test ! -z "$with_user" ; then + AC_DEFINE_UNQUOTED(WITH_USER, "$withval") + AC_MSG_RESULT(to \"$withval\") +else + AC_MSG_RESULT(no) +fi + AC_MSG_CHECKING([whether to enable ipv6]) AC_ARG_ENABLE(ipv6, [ --enable-ipv6 enable ipv6 (with ipv4) support diff -ur tcpdump-2004.01.21.droproot/tcpdump.1 tcpdump-2004.01.21.dropbydefault/tcpdump.1 --- tcpdump-2004.01.21.droproot/tcpdump.1 Wed Jan 21 19:36:41 2004 +++ tcpdump-2004.01.21.dropbydefault/tcpdump.1 Wed Jan 21 19:50:36 2004 @@ -551,6 +551,8 @@ .I user and the group ID to the primary group of .IR user . +.IP +This behavior can also be enabled by default at compile time. .IP "\fI expression\fP" .RS selects which packets will be dumped. diff -ur tcpdump-2004.01.21.droproot/tcpdump.c tcpdump-2004.01.21.dropbydefault/tcpdump.c --- tcpdump-2004.01.21.droproot/tcpdump.c Wed Jan 21 19:33:42 2004 +++ tcpdump-2004.01.21.dropbydefault/tcpdump.c Wed Jan 21 19:44:47 2004 
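Review bot: In the configure.in hunk the test `if test ! -z "$with_user"` also succeeds for `--without-user` (autoconf sets `with_user=no`) and for a bare `--with-user` (`with_user=yes`). WITH_USER would then be defined as "no" or "yes", and the built binary would try to drop to an account of that name. The define and the result message read `$withval` while the condition tests `$with_user`; using one variable in both places is clearer and does not depend on `withval` still holding this option's value. I would guard it as `if test -n "$with_user" && test "$with_user" != no && test "$with_user" != yes ; then` and pass `"$with_user"` to `AC_DEFINE_UNQUOTED` and `AC_MSG_RESULT`.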
@@ -896,6 +896,16 @@ (void)fprintf(stderr, "%s: pcap_loop: %s\n", program_name, pcap_geterr(pd)); } +#ifdef WITH_USER + /* if run as root, drop root; protect against remote sec problems */ + if (getuid() == 0 || geteuid() == 0) { + /* Run with '-Z root' to restore old behaviour */ + if (!username) { + droproot(WITH_USER); + /* does not return if fails */ + } + } +#endif if (RFileName == NULL) { /* * We're doing a live capture. Report the capture
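Review bot: The added `#ifdef WITH_USER` block sits, going by the context lines, between the `pcap_loop` error report and the capture-statistics report, which suggests the default privilege drop runs only after the capture loop has returned. If that is where it lands, packet dissection still executes as root and the protection named in the comment is not achieved. The `droproot(WITH_USER);` call belongs before `pcap_loop()`, once the device is open and the filter installed, presumably beside the existing `-Z` handling. main()'s body and that handling are outside this hunk, so confirm the placement against the full file. The two nested tests can also be written as one: `if ((getuid() == 0 || geteuid() == 0) && !username)`.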