This problem was actually brought up in the breakout chats at Querycon last year
Tao Jiang
12/08/2020, 10:23 PM
Nice to know. Was there any suggestion on this?
Mike Myers
12/08/2020, 11:05 PM
It wasn't clear to us at the time if it was a Thrift problem or our problem, and I guess nobody acted on it. I think we could look at it now. Is there an issue to track it?
Interesting, this is pretty serious as by design the API would allow anyone to stop osquery or alter its data.
Grant
12/17/2020, 12:12 AM
Hello guys, is there a workaround or process on this issue? Thanks!
theopolis
12/17/2020, 3:23 AM
I don't think there is, but I think a first step is to update the Thrift version we use and check if the Windows pipe integration applies the intended permissions.