osqueryd (the daemon) is based on SQLite and executes on the node with root privilege. Have the osquery binaries been evaluated for SQL injection-type attacks? I understand it fetches data from a virtual database; is there any possibility of dropping binaries and gaining a root shell (a common pattern of SQL injection attacks)?
Generally speaking, one does not expose osquery to untrusted parties, so SQL injection isn't the highest risk.
To be able to execute SQL inside osquery, you implicitly have access to osquery, which generally presents a lot of information already. Granted, that is not the same as being able to write in a root context.