It should be possible to do what Teddy is asking for, but changing the Trustee on the first ACE to "Creator Owner" didn't have the desired effect. The extension was getting 'access denied', despite the pipe being supposedly RW for the user that invoked
So, I have to figure out why that is
01/08/2021, 6:42 PM
@Mike Myers I have example of code that reads account ACL under which osqueryd running and assigns to named pipe. I can share with you if you like this way. Please let me know
01/08/2021, 7:00 PM
Yes, I would be interested in this. I was trying to avoid writing code for fetching the user's SID, but I was not successful yet in using a well-known SID string.
Hey @AP I merged the fix already so thanks but I'm good now