  • Zach Zeid

    1 year ago
    with 4.6.0 cut, when will it be available via package manager? The site still shows 4.5.1 as being the latest.
  • alessandrogario

    1 year ago
    We usually upload packages here after a tag is made; we then wait ~a week and if everything is good it becomes a stable release
  • Zach Zeid

    1 year ago
    ok, so if we wanted to remediate the security vuln via package manager we'll wait until it's marked stable?
  • seph

    1 year ago
    Yes. Or build your own. Or filter it at a central point.
  • Zach Zeid

    1 year ago
    I was confused by that, “filter it at a central point”, is “it” the new version?
  • theopolis

    1 year ago
    I believe seph means filter within the tool you use to run distributed queries.
    Do you allow a broad set of folks to run queries, using some UI or tool like Fleet?
  • Zach Zeid

    1 year ago
    Ah no, that's not something we have enabled here. It seems to me that the exposure here is through distributed endpoints, so if someone had access to a box w/ osquery on it, the most they could do is write to files on that box?
  • seph

    1 year ago
    theopolis did intuit what I meant 🙂
  • Zach Zeid

    1 year ago
    Thank you 😄
  • seph

    1 year ago
    The exposure is that someone who has administrative access (either via the schedule or the distributed interface) can write arbitrary sqlite files. If you don’t have any kind of central osquery control I don’t see how you have any risk exposure
    Also note that it’s writing arbitrary _sqlite_ files. Not arbitrary files. Which is slightly less bad
  • Zach Zeid

    1 year ago
    ...someone who has administrative access... that reads to me someone who's on a box running sudo osqueryi and writing arbitrary sqlite files to disk. Which could also be done via any fleet manager that has distributed enabled?
  • seph

    1 year ago
    yes to both of those.