launcher icon indicating copy to clipboard operation
launcher copied to clipboard
verified publisher icon kolide

Ensure launcher application files & directories have proper access control

Open seejdev opened this issue 2 years ago • 2 comments

The launcher process runs as root/admin and lower privileged users should not be able to read or modify files & directories which are only used by the launcher process.

This includes:

  • Configuration files
  • App data
  • Certificates
  • Enrollment data

This does not include files which are used by launcher desktop; these should be restricted to the logged-in user.

seejdev avatar Apr 24 '23 23:04 seejdev

This relates to https://github.com/kolide/launcher/issues/1143

  • .../data should be private
  • .../conf/secret isn't very secret, but should be private.
  • .../conf/launcher.flags (or whatever it's called) should not be secret.

It's possible some of that should change locations or move to the registry.

directionless avatar Apr 25 '23 00:04 directionless