OSqueryd (daemon) is based on SQLite and executes on the node with root privilege. Have osquery binaries been evaluated for SQL injection kinds of attacks? I understand it fetches data from a virtual database; is there any possibility of dropping binaries and gaining a root shell (a common pattern of SQL injection attacks)?
Generally speaking, one does not expose osquery to untrusted parties. So SQL injection isn’t the highest risk.
seph
08/28/2020, 7:17 PM
To be able to execute SQL inside osquery, you implicitly have access to osquery, which generally is presenting a lot of information already. Granted, not the same as being able to write in a root context.