?
Solved

Win 7/8 normal user needs access to raw sockets

Posted on 2015-01-26
16
Medium Priority
?
1,354 Views
Last Modified: 2015-03-23
We are building a busybox script to run under windows 7/8 but have run into a problem where running some commands either from a script or command line gives us a 'raw socket' error. In other words, the only way to run the command is to become admin.

A good example of this would be being either at the command line or using GUI based WinMTR.
The tool doesn't want to run, showing an error of 'Unable to get raw socket'.

What could I do to allow this tool and perhaps others to run by giving them access to raw sockets?
Am I missing a dll or a permission on win?

Thanks.
0
Comment
Question by:projects
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 4
  • +1
16 Comments
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40570956
Sorry, but it seems this is a no-go.

From https://msdn.microsoft.com/en-us/library/windows/desktop/ms740548%28v=vs.85%29.aspx

To use a socket of type SOCK_RAW requires administrative privileges. Users running Winsock applications that use raw sockets must be a member of the Administrators group on the local computer, otherwise raw socket calls will fail with an error code of WSAEACCES. On Windows Vista and later, access for raw sockets is enforced at socket creation. In earlier versions of Windows, access for raw sockets is enforced during other socket operations.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 40570990
Scripts that use high privileges but need to be startable by a non-admin can be provided by the task scheduler.
The user gets the permission to run (but not modify) the task with different credentials. This is secure as long as the script that is being executed
A is not modifiable (read-only) for the user and
B does not require user interaction (=may run invisible)

If you need instructions, just say.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40571706
raw sockets have been depreciated since windows xp sp2 and allowing access to them is a definite security no-no
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 

Author Comment

by:projects
ID: 40575435
So how does one go about building an app for windows 7/8 then?
The app is basically a Linux script being converted to run on Win using busybox.
So far, we have the script converted but keep running into privilege problems which prevent certain parts from working.

It needs only initiated outgoing tcp/ip and icmp access along with responses back from the remote server.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40575462
What if you run the Linux script in Cygwin?
0
 

Author Comment

by:projects
ID: 40575476
How will that change anything? They both do similar things, just that Cygwin is massively bloated compared to bb.
0
 

Author Comment

by:projects
ID: 40575482
In the long run, what we were hoping to do is to convert the Linux script, which is in fact part of an application, into a windows service, to be installed and running when the user starts the pc.

Have not found a solution on how to do this so the only way we know of at this time is to use an interpreter such as bb (and we worked with cygwin as well earlier).
0
 
LVL 5

Accepted Solution

by:
R. Toby Richards earned 1000 total points
ID: 40575489
If the app will run as a service then needing admin rights shouldn't be a problem. Run the service as the local service account, which does have admin rights.
0
 

Author Comment

by:projects
ID: 40575632
Actually, that is what I was asking about, how I could turn this into an app or service. If I do that, then it will have the permissions it needs.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40575910
That is a question for Programming > MS Development
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40575932
I provided a possible solution, you did not give feedback yet. Did you understand the line of thought?
0
 

Author Comment

by:projects
ID: 40575938
Yes, your answer partly lead us to re-building using C instead of trying to make this work any other way.

Thanks.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40576064
If you were using the busybox port for windows, why shouldn't this work as a task? So why rebuild it?
0
 

Author Comment

by:projects
ID: 40681045
It ends up being simpler to build from scratch using C than to try converting Linux scripts to work on win using things like cygwin/bb.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40681825
I wonder why you even think about converting. Busybox has a windows port, so the scripts would work without doing any converting right away.
0
 

Author Comment

by:projects
ID: 40683031
The developer insisted that it would be simpler, less bulky to have a win app written in C++ QT instead of trying to maintain a Linux script using Cygwin or BB. Some of the tools we needed didn't exist in either of those either.

I don't know, to be honest, I wanted to maintain the Linux code for both Linux and Win. It would have been simpler than having to maintain two completely different sets of code now.

I would have the same issues no matter which way I went.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this o…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question