# general
z
with `4.6.0` cut, when will it be available via package manager? The site still shows `4.5.1` as being the latest.
a
We usually upload packages here after a tag is made; we then wait ~a week and if everything is good it becomes a stable release
z
ok, so if we wanted to remediate the security vuln via package manager we'll wait until it's marked stable?
s
Yes. Or build your own. Or filter it at a central point.
z
I was confused by that, “filter it at a central point”, is “it” the new version?
t
I believe seph means filter within the tool you use to run distributed queries.
Do you allow a broad set of folks to run queries, using some UI or tool like Fleet?
z
Ah no, that's not something we have enabled here. It seems to me that the exposure here is through `distributed` endpoints, so if someone had access to a box w/ osquery on it, the most they could do is write to files on that box?
s
theopolis did intuit what I meant 🙂
z
Thank you 😄
s
The exposure is that someone who has administrative access (either via the schedule or the distributed interface) can write arbitrary sqlite files. If you don’t have any kind of central osquery control I don’t see how you have any risk exposure
Also note that it’s writing arbitrary sqlite files. Not arbitrary files. Which is slightly less bad
z
...someone who has administrative access...
that reads to me as someone who's on a box running `sudo osqueryi` and writing arbitrary sqlite files to disk. Which could also be done via any fleet manager that has `distributed` enabled?
s
yes to both of those.
z
Got it, just making sure I understand the risk here 😄 Thanks!