Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
t
theopolis
01/17/2020, 11:08 PMLinux folks, what do you think of https://github.com/osquery/osquery/pull/6180/files
s
sundsta
01/18/2020, 5:23 AMI don’t understand the purpose of the PR given that
osquerydt
theopolis
01/18/2020, 1:34 PMYou may want to run extensions as non-root. Right now that is not possible due to permissions on the socket. It is a good thing the socket permissions are restrictive because access allows you to query any data as root.
s
sundsta
01/18/2020, 11:12 PMAh I didn’t realize the extensions could run under a different user/group. In that case, the PR is fine from my view. Overall, I am more interested in running the whole thing as non-root and using Linux capabilities to restrict the access (https://github.com/osquery/osquery/issues/6121)
s
seph
01/19/2020, 1:34 PMMy initial thought is that it seems fine? If we're already trusting posix auth, group writable is okay
u
8p8c
01/30/2020, 1:22 AMimo, not a bad idea.