https://github.com/osquery/osquery logo
Title
a

AP

01/07/2021, 7:33 PM
z

zwass

01/07/2021, 7:39 PM
That's @Mike Myers
m

Mike Myers

01/07/2021, 7:40 PM
Yea I'm going to get back to that today
It should be possible to do what Teddy is asking for, but changing the Trustee on the first ACE to "Creator Owner" didn't have the desired effect. The extension was getting 'access denied', despite the pipe being supposedly RW for the user that invoked
osqueryi
So, I have to figure out why that is
a

AP

01/08/2021, 6:42 PM
@Mike Myers I have example of code that reads account ACL under which osqueryd running and assigns to named pipe. I can share with you if you like this way. Please let me know
m

Mike Myers

01/08/2021, 7:00 PM
Yes, I would be interested in this. I was trying to avoid writing code for fetching the user's SID, but I was not successful yet in using a well-known SID string.
Hey @AP I merged the fix already so thanks but I'm good now
a

AP

01/13/2021, 9:23 PM
ups, sorry, did not see this message earlier.