Hi! I have a question on security of local comms w...
# kolide
Hi! I have a question on security of local comms with osqueryd over thrift using go library. It looks like the client transport is not using TLS socket: https://github.com/osquery/osquery-go/blob/master/transport/transport.go#L31 Any thought on this? @zwass ?
found that the documentation mentions “Extensions may only communicate if the processes can read/write to this socket. An extension process running as a non-privileged user cannot register plugins to an
process running as root”
Is this Kolide specific? If not, maybe #golang? But I’ll try to answer… Thrift communucation is using a named pipe on windows, and a local socket on macos/linux. This uses local filesystem permissions to gate access.
I don’t think TLS there would make much sense. It is not a localhost tcp connection
Thank you! 🙇
asked in the kolide chat because it was in the github.com/kolide/osquery-go before
We handed it to the osquery foundation some time ago. Now #kolide is primarily for our product.