Solved

Win 7/8 normal user needs access to raw sockets

Posted on 2015-01-26
16
1,256 Views
Last Modified: 2015-03-23
We are building a busybox script to run under windows 7/8 but have run into a problem where running some commands either from a script or command line gives us a 'raw socket' error. In other words, the only way to run the command is to become admin.

A good example of this would be being either at the command line or using GUI based WinMTR.
The tool doesn't want to run, showing an error of 'Unable to get raw socket'.

What could I do to allow this tool and perhaps others to run by giving them access to raw sockets?
Am I missing a dll or a permission on win?

Thanks.
0
Comment
Question by:projects
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 4
  • +1
16 Comments
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40570956
Sorry, but it seems this is a no-go.

From https://msdn.microsoft.com/en-us/library/windows/desktop/ms740548%28v=vs.85%29.aspx

To use a socket of type SOCK_RAW requires administrative privileges. Users running Winsock applications that use raw sockets must be a member of the Administrators group on the local computer, otherwise raw socket calls will fail with an error code of WSAEACCES. On Windows Vista and later, access for raw sockets is enforced at socket creation. In earlier versions of Windows, access for raw sockets is enforced during other socket operations.
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 40570990
Scripts that use high privileges but need to be startable by a non-admin can be provided by the task scheduler.
The user gets the permission to run (but not modify) the task with different credentials. This is secure as long as the script that is being executed
A is not modifiable (read-only) for the user and
B does not require user interaction (=may run invisible)

If you need instructions, just say.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40571706
raw sockets have been depreciated since windows xp sp2 and allowing access to them is a definite security no-no
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:projects
ID: 40575435
So how does one go about building an app for windows 7/8 then?
The app is basically a Linux script being converted to run on Win using busybox.
So far, we have the script converted but keep running into privilege problems which prevent certain parts from working.

It needs only initiated outgoing tcp/ip and icmp access along with responses back from the remote server.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40575462
What if you run the Linux script in Cygwin?
0
 

Author Comment

by:projects
ID: 40575476
How will that change anything? They both do similar things, just that Cygwin is massively bloated compared to bb.
0
 

Author Comment

by:projects
ID: 40575482
In the long run, what we were hoping to do is to convert the Linux script, which is in fact part of an application, into a windows service, to be installed and running when the user starts the pc.

Have not found a solution on how to do this so the only way we know of at this time is to use an interpreter such as bb (and we worked with cygwin as well earlier).
0
 
LVL 5

Accepted Solution

by:
R. Toby Richards earned 250 total points
ID: 40575489
If the app will run as a service then needing admin rights shouldn't be a problem. Run the service as the local service account, which does have admin rights.
0
 

Author Comment

by:projects
ID: 40575632
Actually, that is what I was asking about, how I could turn this into an app or service. If I do that, then it will have the permissions it needs.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40575910
That is a question for Programming > MS Development
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40575932
I provided a possible solution, you did not give feedback yet. Did you understand the line of thought?
0
 

Author Comment

by:projects
ID: 40575938
Yes, your answer partly lead us to re-building using C instead of trying to make this work any other way.

Thanks.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40576064
If you were using the busybox port for windows, why shouldn't this work as a task? So why rebuild it?
0
 

Author Comment

by:projects
ID: 40681045
It ends up being simpler to build from scratch using C than to try converting Linux scripts to work on win using things like cygwin/bb.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40681825
I wonder why you even think about converting. Busybox has a windows port, so the scripts would work without doing any converting right away.
0
 

Author Comment

by:projects
ID: 40683031
The developer insisted that it would be simpler, less bulky to have a win app written in C++ QT instead of trying to maintain a Linux script using Cygwin or BB. Some of the tools we needed didn't exist in either of those either.

I don't know, to be honest, I wanted to maintain the Linux code for both Linux and Win. It would have been simpler than having to maintain two completely different sets of code now.

I would have the same issues no matter which way I went.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question