Steve Grubb from Red Hat discovered that a patch for arpwatch in order to make it drop root privileges would fail to do so and instead add the root group to the list of the daemon uses.