with `4 6 0` cut when will it be available via package manag

Question

with `4 6 0` cut when will it be available via package manager The site still shows `4 5 1` as being the latest

alessandrogario · Answer

We usually upload packages here after a tag is made we then wait ~a week and if everything is good it becomes a stable release

Zach Zeid · Answer

ok so if we wanted to remediate the security vuln via package manager we ll wait until i ts marked stable

seph · Answer

Yes Or build your own Or filter it at a central point

Zach Zeid · Answer

I was confused by that filter it at a central point is it the new version

theopolis · Answer

I believe seph means filter within the tool you use to run distributed queries

theopolis · Answer

Do you allow a broad set of folks to run queries using some UI or tool like Fleet

Zach Zeid · Answer

Ah no that s not something we have enabled here It seems to me that the exposure here is through `distributed` endpoints so if someone had access to a box w osquery on it the most they could do is write to files on that box

seph · Answer

theopolis did intuit what I meant slightly smiling face

Zach Zeid · Answer

Thank you smile

seph · Answer

The exposure is that someone who has administrative access either via the schedule or the distributed interface can write arbitrary sqlite files If you don t have any kind of central osquery control I don t see how you have any risk exposure

seph · Answer

Also note that it s writing arbitrary sqlite files Not arbitrary files Which is slightly less bad

Zach Zeid · Answer

gt someone who has administrative access that reads to me someone whose on a box running `sudo osqueryi` and writing arbitrary sqlite files to disk Which could also be done via any fleet manager that has `distributed` enabled

seph · Answer

yes to both of those

Zach Zeid · Answer

Got just making sure I understand the risk here smile Thanks