Title
#kolide
a

Aleksandr Maus

03/14/2022, 2:56 PM
Hi! I have a question on security of local comms with osqueryd over thrift using go library. It looks like the client transport is not using TLS socket:https://github.com/osquery/osquery-go/blob/master/transport/transport.go#L31 Any thought on this? @zwass ?
3:08 PM
found that the documentation mentions “Extensions may only communicate if the processes can read/write to this socket. An extension process running as a non-privileged user cannot register plugins to an
osqueryd
process running as root”
s

seph

03/14/2022, 3:45 PM
Is this Kolide specific? If not, maybe #golang? But I’ll try to answer… Thrift communucation is using a named pipe on windows, and a local socket on macos/linux. This uses local filesystem permissions to gate access.
3:45 PM
I don’t think TLS there would make much sense. It is not a localhost tcp connection
a

Aleksandr Maus

03/14/2022, 7:50 PM
Thank you! 🙇
7:54 PM
asked in the kolide chat because it was in the github.com/kolide/osquery-go before
s

seph

03/14/2022, 8:26 PM
We handed it to the osquery foundation some time ago. Now #kolide is primarily for our product.