Getting error on magic using on Sonoma with osquer...
# macosk
Kiwito
11/01/2023, 5:35 PMGetting error on magic using on Sonoma with osquery 5.10.2 it looks like the same old error which was fixed on 5.2.1 I guess.
Unable to load magic list of database.
Can anyone else check magic Table ?
s
Stefano Bonicatti
11/01/2023, 5:37 PMUnfortunately it's a mismatch between the version of libmagic that osquery uses and the one the system uses, given that osquery always attempts to load the system one first.
There's an issue open about this: https://github.com/osquery/osquery/issues/7519
Stefano Bonicatti
11/01/2023, 5:39 PMSo this issue has always been there, it just so happen that sometimes it was somewhat working.
k
Kiwito
11/01/2023, 5:39 PMI thought it was fixed which mentioned in the issue 7458. 🥲
s
Stefano Bonicatti
11/01/2023, 5:44 PMYeah it was only fixed for a period for macOS maybe, due to the range of versions of libmagic on the system.
But as expressed on the issue I linked, the format of the DB sometimes changes and newer library versions might not be backward compatible with everything. The opposite can happen too, newer DB versions are not yet supported.
k
Kiwito
11/01/2023, 5:53 PMThanks for info.
Kiwito
11/01/2023, 6:05 PMBtw, I just confirmed that this started for me after updating to 5.10.2 . But I will not revert, just I will not use magic since it is not stable.
4 Views