access to a socket (raw) is forbidden

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Brad Simon - 18 Oct 2004 19:29 GMT

I have a DLL that pings a host via ICMP and raw sockets. It works fine when
I am logged in as an admin, but it does not work for a normal user. I get
this error:

An attempt was made to access a socket in a way forbidden by its access
permissions

I have found out that this is by design, and can be fixed by editing the
registry to stop the security checks on the RAW sockets. I don't like that,
as it opens up other security risks on that PC.

I have tried to set the DLL to have FullTrust permissions, but that does not
seem to be working, either. If I set up FullTrust properly, should that
override that particular Permission problem? I may not have it set up right,
since I have not done anything with setting up security in that manner
before.

If there is another option, I am all ears, but I need that ping utility to
work, as it does a speed test to see how fast the connection to a particular
host is. If there is another way to do a speed test, I am also all ears. As
long as the same problem does not come up for it as well.

I look forward to your replies!

Signature

Thanks,
Brad Simon

Reply to this Message

Sam Santiago - 18 Oct 2004 19:47 GMT

What environment/language are you developing in? With .NET you can
potentially set the thread identity:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlr
fSystemThreadingThreadClassCurrentPrincipalTopic.asp

Thanks,

Sam
_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com
http://www.SoftiTechture.com
_______________________________

> I have a DLL that pings a host via ICMP and raw sockets. It works fine when
> I am logged in as an admin, but it does not work for a normal user. I get
[quoted text clipped - 19 lines]
>
> I look forward to your replies!

Reply to this Message

Brad Simon - 18 Oct 2004 19:53 GMT

That is a good idea. The DLL is in C#, it is called from a VB .NET
application. How do I set it up to use an administration account, if I don't
know the PWD?

> What environment/language are you developing in? With .NET you can
> potentially set the thread identity:
[quoted text clipped - 38 lines]
> >
> > I look forward to your replies!

Reply to this Message

Sam Santiago - 18 Oct 2004 20:30 GMT

Not sure if you can do it without knowing the password. You could set up a
"service" account - an account explicitly for your application that has
limited admin privileges to allow the socket communication but restrict
other areas.

Thanks,

Sam

Signature

_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com
http://www.SoftiTechture.com
_______________________________

> That is a good idea. The DLL is in C#, it is called from a VB .NET
> application. How do I set it up to use an administration account, if I don't
> know the PWD?
>
> > What environment/language are you developing in? With .NET you can
> > potentially set the thread identity:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlr
fSystemThreadingThreadClassCurrentPrincipalTopic.asp

> > Thanks,
> >
[quoted text clipped - 33 lines]
> > >
> > > I look forward to your replies!

Reply to this Message

Brad Simon - 18 Oct 2004 20:37 GMT

Unfortunately that is not an option. I am looking into the Impersonate
command, it looks quite tricky, but it may work.

It shouldn't be this hard, but who am I to say :)

> Not sure if you can do it without knowing the password. You could set up a
> "service" account - an account explicitly for your application that has
[quoted text clipped - 60 lines]
> > > >
> > > > I look forward to your replies!

Reply to this Message

Brad Simon - 20 Oct 2004 13:01 GMT

I could not find a way to work with this without opening a security hole. I
have decided to disable this feature in the application.

Reply to this Message

access to a socket (raw) is forbidden

Free Magazines