sephkolide:
osquery doesn’t really have access controls, per se. But there are all the underlying OS permissions.
dipti:
Agree. So if I understand correctly, the extension within itself runs as a process and listens on a socket. To start with, I was trying to add some SSL handshake on the socket, so that only a process which has the keys can connect to the socket of the extension. But if I understand correctly, an external process connects on the unix socket of osqueryd and then osqueryd connects with the extension's socket. I do not want to add that SSL configuration to the complete osqueryd because there might be some other extensions loaded by osqueryd which do not need SSL. Do I make sense?
sephkolide:
The part that confuses me is how osquery fits in. How are applications using osquery to get this data at all?
dipti:
My extension does IPC with my process to fetch data. That all looks ok for now. You may assume that extension table has all required data.
sephkolide:
Is there an osqueryi invocation? Is there an osqueryd running somewhere? How is the underlying data protected? If you don’t want appX to access it, what’s preventing it from hitting the underlying API directly?
dipti:
Nothing is preventing it for now. That is my question, how do I prevent it :)