Since we now drop privileges to UID/GID "tcpdump", I see no reason why we should not use the builtin chroot function. This was included in version 3.9.3 (July 2005) and can be defined at build time with the --with-chroot=DIR switch. This does no harm and can provide a small security benefit. An example patch is included (if nothing else, to demonstrate the little work involved). Thank you.
Created attachment 135988: example patch
Alternatively, if the global option is not suitable in some settings, we could provide the chroot option as a use flag.
Add chroot use flag in cvs
Cédric, why do you think we need a USE flag for this feature? It seems better to have it enabled by default, or what do you think?
(In reply to comment #4)
> Cédric why do you think we need USE flag for this feature? It seems better to
> have it enabled by default, or what do you think?

I think it is more in the way Gentoo works. As the mainstream put it as an option in the configure script, I think it is better to keep it also. But I'm not against enabling it by default; we can perhaps use EAPI=1 and add +chroot.