If all I give a program of root's privileges is Raw Socket privileges it is damned hard for the cracker to do much. Stuff can be done but it is a lot easier if you have all of roots permissions.
What you do is patch the kernal so there is a new privilege type that is user plus raw socket privileges. That lets SMTP servers run with just uers privileges ( it is the SMTP relay component's DNS resolver that needs the raw Sockets). You don't need raw sockets for FTP.
Making a program have root privileges in order to do raw sockets is the same thing Bill Gates can be accused off doing ... that is sort of.
However NT contained an undocumented feature that allowed an ordinary user to run a dll that could create raw sockets. Did you ever wonder how you can run ping on an NT/2000 server with just user privileges? PING needs raw sockets. I figured if PING could do it I could too. And I did.
I reverse engineered the Dll that PING called to create the raw socket so a program that knew how could create raw sockets could do so with ordinary user privilges.
I wrote the SMTP, POP3 and IMAP4 components that are included with Delphi. I also wrote the DNS Resolver component. My code created Raw sockets with out administrator (root) privilges on Windows NT, 2000 and XP Server and Advanced server.
Microsoft later changed their documentation after people started asking how I did it. In my reverse engineering I discovered that Microsoft had taken the BSD UNIX socket code and only modified it so it would compile with the MS C++ compiler. That was a real discovery. It meant I could use UNIX source to understand windows code.