Title
#extensions
d

diptivs

06/10/2020, 10:44 PM
hi all, If I have my custom extension, How do I restrict access of my extension only to my APP. I don't want to use remote setting. I want my APP to collect data and send to my server. any suggestions/ pointers?
s

seph

06/11/2020, 5:19 AM
I don’t understand this question. Can you describe more?
d

diptivs

06/11/2020, 5:33 AM
I have some APP specific data which I want to share with other applications. I created osquery extension, so that other applications can query my APP specific data. But i do not want to expose that data to anyone and everyone. I want to give access only to whitelisted applications. Does that help @seph
s

seph

06/11/2020, 2:15 PM
osquery doesn’t really have access controls, per se. But there are all the underlying OS permissions.
2:16 PM
The part that confusions me, is how osquery fits in. How are applications using osquery to get this data at all?
2:17 PM
Is there an osqueryi invocation? Is there an osqueryd running somewhere? How is the underlying data protected? If don’t want appX to access it, what’s preventing it from hitting the underlying API directly?
d

diptivs

06/11/2020, 4:23 PM
seph:kolide: osquery doesn’t really have access controls, per se. But there are all the underlying OS permissions.dipti: Agree. So if I understand correctly, extension withing itself runs as a process and listens on socket. To start with, I was trying to add some SSL handshake on socket, some process which has keys can only connect to socket of extension. But if i understand correctly, external process connects on unix socket of osqueryd and then osqueryd connects with extensions socket. i do not want to add that SSL configuration to complete osqueryd because there might be some other extensions loaded by osqueryd which does not need SSL. Do I make sense? seph:kolide: The part that confusions me, is how osquery fits in. How are applications using osquery to get this data at all?dipti: My extension does IPC with my process to fetch data. That all looks ok for now. You may assume that extension table has all required data. seph:kolide: Is there an osqueryi invocation? Is there an osqueryd running somewhere? How is the underlying data protected? If don’t want appX to access it, what’s preventing it from hitting the underlying API directly?dipti: nothing is preventing for now. That is my question, how do I prevent it 😃
s

seph

06/11/2020, 5:36 PM
The extension runs on a process and communicates by socket, yes. But that’s lauched by osquery. (usually)
5:36 PM
It’s not like it’s running independantly.
5:36 PM
I think we’re still not quite communicating.
5:37 PM
You have a process and you’re exposing information via IPC. How is that normally protected?
d

diptivs

06/11/2020, 5:59 PM
@Arun Thotta here :this:
5:23 AM
I will do some more tests and get back to you @seph