Description
Whenever I run a query that attempts to drop privileges while I have extensions registered, the extensions die.
The output below is from a machine running Amazon Linux release 2 (Karoo), but I've run into the same problem on an Ubuntu machine. I haven't been able to reproduce on OSX and haven't yet tried on Windows.
Building and running the example extension from https://github.com/kolide/osquery-go/blob/master/examples/table/main.go, I get the following output:
```
osquery> select * from example_table;
+-------------+---------+-------------+---------+
| text        | integer | big_int     | double  |
+-------------+---------+-------------+---------+
| hello world | 123     | -1234567890 | 3.14159 |
+-------------+---------+-------------+---------+
osquery> select * from authorized_keys where uid in (select uid from users);
Thrift: Fri Dec 14 01:58:37 2018 TSocket::read() THRIFT_POLL() Interrupted system call
Thrift: Fri Dec 14 01:58:37 2018 TConnectedClient died: Unknown: Interrupted system call
<.....................QUERY RESULTS...................>
osquery> Thrift: Fri Dec 14 01:58:41 2018 TSocket::open() connect() <Host: Port: 0>Connection refused
I1214 01:58:41.973999 32340 extensions.cpp:305] Extension UUID 18021 has gone away
osquery> select * from example_table;
Error: no such table: example_table
osquery>
```
OSQuery version: Reproduced on both 3.3.0 (downloaded from the website) and built from source at hash 5188ce5288abe0e323b8e8bd364f452134a62d00
osquery-go version: current master (7486f08)
If you configure the extensions to re-register, this is fine as it doesn't actually prevent the query from running, but it means that it's also impossible to successfully execute a query from inside an extension.
I think this is related to osquery/osquery#1638.
I spoke to @groob briefly in Slack. I'm not sure if this is an osquery-go issue or an issue with osquery, as I haven't yet tried building a C++ extension. Thanks so much for your help!