In counter to the original bug that requested this be done (bug 176391), I'm requesting this behavior be disabled by default unless managed by a USE flag.
My first concern with this is that it fails to work on gentoo-alt platforms that are prefixed, like OS X. The enewgroup() and enewuser() calls are NOPed there, so although building and installation silently work, actually using the tool thereafter results in failures because the tcpdump user cannot be identified.
Additionally, when beginning a capture with -G (split by time) or -C (split by size), having this configured at compile-time means that although the first capture file is created under the ownership and privileges of the calling user, subsequent ones are not (created as the user tcpdump instead). This, of course, readily causes subtle and late failure due to filesystem permissions.
This choice, in addition to the decision to chroot() by default (bug 334329), represents what I perceive as a series of well-intentioned changes to arguably improve edge-case security in the tcpdump package, which were evidently not thoroughly evaluated or tested against the principle of least surprise.
Likely it would be optimal to change where/when chroot() or privilege dropping happens within tcpdump itself to make these failures more immediate, but since upstream chose to not set these options by default, they were likely aware of the issues and limitations and elected to instead leave the subsequent complexities to the choice of the user.
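The late failure described in the comment above can be modelled directly: the first capture file is created before privileges are dropped, every rotated -G/-C file afterwards is created as the drop-to user, and the POSIX directory-write check decides which of them succeed. This is an added illustration, not code from the reporter or from tcpdump; the uids, gids, directory modes and file names are constructed.

```python
"""Model of capture-file rotation under compile-time privilege dropping.

Constructed example: applies the POSIX directory-write check to each file
that -G/-C would create, the first as the calling user, the rest as the
drop-to user. All uid/gid values and directory modes are assumed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Dir:
    uid: int
    gid: int
    mode: int  # permission bits, e.g. 0o755 or 0o1777


def can_create(d, uid, gids):
    """True if a process with uid/gids may create a file in d.

    Creating a file needs both write and search (execute) permission on the
    directory; root bypasses the check entirely.
    """
    if uid == 0:
        return True
    if uid == d.uid:
        bits = (d.mode >> 6) & 0o7
    elif d.gid in gids:
        bits = (d.mode >> 3) & 0o7
    else:
        bits = d.mode & 0o7
    return bits & 0o3 == 0o3


def rotation_outcome(d, caller_uid, caller_gids, drop_uid, drop_gids, files):
    """Return (name, creating_uid, ok) per capture file.

    File 0 is opened before the privilege drop (as the caller); every later
    rotation happens after it (as drop_uid), which is the ownership switch
    the bug report describes.
    """
    results = []
    for i in range(files):
        uid, gids = (caller_uid, caller_gids) if i == 0 else (drop_uid, drop_gids)
        results.append((f"capture-{i}.pcap", uid, can_create(d, uid, gids)))
    return results


def first_failure(results):
    """Index of the first file that could not be created, or None."""
    return next((i for i, (_, _, ok) in enumerate(results) if not ok), None)


if __name__ == "__main__":
    root_home = Dir(uid=0, gid=0, mode=0o700)      # constructed: /root/captures
    for name, uid, ok in rotation_outcome(root_home, 0, {0}, 999, {999}, 3):
        print(f"{name}: uid={uid} {'ok' if ok else 'EACCES'}")
```

Running it shows the first file succeeding and every rotated file failing, which is the "subtle and late" failure the comment refers to; a directory writable by the drop-to user gives all successes.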
*** Bug 375325 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 334329 ***