Hi I have a question on security of local comms with osquery

Question

Hi I have a question on security of local comms with osqueryd over thrift using go library It looks like the client transport is not using TLS socket Any thought on this < zwass>

Aleksandr Maus · Answer

found that the documentation mentions Extensions may only communicate if the processes can read write to this socket An extension process running as a non privileged user cannot register plugins to an `osqueryd` process running as root

seph · Answer

Is this Kolide specific If not maybe < C9CRTU9CY|golang> But I ll try to answer Thrift communucation is using a named pipe on windows and a local socket on macos linux This uses local filesystem permissions to gate access

seph · Answer

I don t think TLS there would make much sense It is not a localhost tcp connection

Aleksandr Maus · Answer

Thank you bow

Aleksandr Maus · Answer

asked in the kolide chat because it was in the <http github com kolide osquery go|github com kolide osquery go> before

seph · Answer

We handed it to the osquery foundation some time ago Now kolide is primarily for our product