Linux folks, what do you think of <https://github....
# linuxt
theopolis
01/17/2020, 11:08 PM
Linux folks, what do you think of https://github.com/osquery/osquery/pull/6180/files
s
sundsta
01/18/2020, 5:23 AMI don’t understand the purpose of the PR given that
osquerydt
theopolis
01/18/2020, 1:34 PM
You may want to run extensions as non-root. Right now that is not possible due to permissions on the socket. It is a good thing the socket permissions are restrictive because access allows you to query any data as root.
s
sundsta
01/18/2020, 11:12 PMAh I didn’t realize the extensions could run under a different user/group. In that case, the PR is fine from my view. Overall, I am more interested in running the whole thing as non-root and using Linux capabilities to restrict the access (https://github.com/osquery/osquery/issues/6121)
s
seph
01/19/2020, 1:34 PM
My initial thought is that it seems fine? If we're already trusting posix auth, group writable is okay
u
8p8c
01/30/2020, 1:22 AMimo, not a bad idea.
3 Views