found that the documentation mentions
“Extensions may only communicate if the processes can read/write to this socket. An extension process running as a non-privileged user cannot register plugins to an
osqueryd
process running as root”
s
seph
03/14/2022, 3:45 PM
Is this Kolide specific? If not, maybe #golang? But I’ll try to answer…
Thrift communucation is using a named pipe on windows, and a local socket on macos/linux. This uses local filesystem permissions to gate access.
I don’t think TLS there would make much sense. It is not a localhost tcp connection