Hi! I have a question on security of local comms w...
# kolidea
Aleksandr Maus
03/14/2022, 2:56 PMHi! I have a question on security of local comms with osqueryd over thrift using go library.
It looks like the client transport is not using TLS socket:
https://github.com/osquery/osquery-go/blob/master/transport/transport.go#L31
Any thought on this? @zwass ?
Aleksandr Maus
03/14/2022, 3:08 PMfound that the documentation mentions
“Extensions may only communicate if the processes can read/write to this socket. An extension process running as a non-privileged user cannot register plugins to an
osqueryds
seph
03/14/2022, 3:45 PM
Is this Kolide specific? If not, maybe #golang? But I’ll try to answer…
Thrift communucation is using a named pipe on windows, and a local socket on macos/linux. This uses local filesystem permissions to gate access.
seph
03/14/2022, 3:45 PM
I don’t think TLS there would make much sense. It is not a localhost tcp connection
a
Aleksandr Maus
03/14/2022, 7:50 PMThank you! 🙇
Aleksandr Maus
03/14/2022, 7:54 PMasked in the kolide chat because it was in the github.com/kolide/osquery-go before
s
seph
03/14/2022, 8:26 PM
We handed it to the osquery foundation some time ago. Now #kolide is primarily for our product.
2 Views