Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
Aleksandr Maus
03/14/2022, 2:56 PMHi! I have a question on security of local comms with osqueryd over thrift using go library.
It looks like the client transport is not using TLS socket:
https://github.com/osquery/osquery-go/blob/master/transport/transport.go#L31
Any thought on this? @zwass ?
found that the documentation mentions
“Extensions may only communicate if the processes can read/write to this socket. An extension process running as a non-privileged user cannot register plugins to an
osqueryds
seph
03/14/2022, 3:45 PMIs this Kolide specific? If not, maybe #golang? But I’ll try to answer…
Thrift communucation is using a named pipe on windows, and a local socket on macos/linux. This uses local filesystem permissions to gate access.
I don’t think TLS there would make much sense. It is not a localhost tcp connection
a
Aleksandr Maus
03/14/2022, 7:50 PMThank you! 🙇
asked in the kolide chat because it was in the github.com/kolide/osquery-go before
s
seph
03/14/2022, 8:26 PMWe handed it to the osquery foundation some time ago. Now #kolide is primarily for our product.