Network_monitor extension not being bundled. Intentional?
mike-myers-tob opened this issue
It appears that the network_monitor does not build into the bundled extension, because it uses addOsqueryExtension in its CMake rather than addOsqueryExtensionEx.
https://github.com/trailofbits/osquery-extensions/blob/master/network_monitor/CMakeLists.txt#L36
Should we fix this, or document it as intentional and add a note to the READMEs?
A user has reported that they are able to load the extension this way:
osqueryi --allow_unsafe --extension osquery/build/external/extension_trailofbits/extensions/network_monitor/network_monitor.ext
This was intentional because the network_monitor extension drops its privileges at runtime to do handling of untrusted network traffic, and that is incompatible with what the other extensions need, so it is built as a separate executable.
Documented in dbee8f5
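The reasoning in the reply above, as an added example that is not code from the osquery-extensions repository: a privilege drop applies to the whole process, so only a separate process can give up root without affecting the code that still needs it. The function names and the target uid/gid 65534 ("nobody") are assumptions made for this sketch.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Irreversibly switch the calling process to uid/gid. Returns 0 on success. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1; /* clear supplementary groups first */
    if (setgid(gid) != 0) return -1;        /* group before user: needs root */
    if (setuid(uid) != 0) return -1;        /* as root: sets real, effective, saved */
    /* Verify the drop cannot be undone; a silent partial drop is the real risk. */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;
    return 0;
}

/* Fork a child standing in for the separately built extension executable and
 * drop privileges only there. Returns 0 if the child dropped, 1 if the drop
 * failed (for example, not started as root), -1 on fork/wait error.
 * *parent_euid_after receives the parent's effective uid afterwards. */
int drop_in_child(uid_t uid, gid_t gid, uid_t *parent_euid_after) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int ok = drop_privileges(uid, gid) == 0 &&
                 geteuid() == uid && getegid() == gid;
        _exit(ok ? 0 : 1); /* untrusted traffic would only be parsed when ok */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    *parent_euid_after = geteuid(); /* unchanged: the drop was per-process */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    uid_t after = 0;
    int rc = drop_in_child(65534, 65534, &after); /* 65534: assumed "nobody" */
    printf("child drop %s; parent euid is still %u\n",
           rc == 0 ? "succeeded" : "failed (needs root)", (unsigned)after);
    return 0;
}
```

Had the drop been called in the parent instead, every piece of code sharing that process would have lost root with it, which is the incompatibility the reply describes.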