#linux

theopolis

01/17/2020, 11:08 PM
Linux folks, what do you think of https://github.com/osquery/osquery/pull/6180/files

sundsta

01/18/2020, 5:23 AM
I don’t understand the purpose of the PR given that `osqueryd` runs as root

theopolis

01/18/2020, 1:34 PM
You may want to run extensions as non-root. Right now that is not possible due to permissions on the socket. It is a good thing the socket permissions are restrictive because access allows you to query any data as root.

sundsta

01/18/2020, 11:12 PM
Ah I didn’t realize the extensions could run under a different user/group. In that case, the PR is fine from my view. Overall, I am more interested in running the whole thing as non-root and using Linux capabilities to restrict the access (https://github.com/osquery/osquery/issues/6121)

seph

01/19/2020, 1:34 PM
My initial thought is that it seems fine? If we're already trusting posix auth, group writable is okay

8p8c

01/30/2020, 1:22 AM
imo, not a bad idea.