Hey <@U0JT049S4> ! Is Michael Lynn here on Slack? ...
# macosa
alessandrogario
09/12/2018, 12:11 AM
Hey @thor ! Is Michael Lynn here on Slack? This may be what he was talking about during the last office hours? https://osquery.slack.com/archives/C08VA8R6F/p1536688765000100
t
thor
09/12/2018, 12:41 AM
Yeah @frogor :)
๐ 1
f
frogor
09/12/2018, 12:42 AM๐
frogor
09/12/2018, 12:44 AMHmmm. The only thing in that query that ... osquery isn't raw accessing /var/db/dslocal record files is it?
frogor
09/12/2018, 12:45 AM'cause that is a no-no now
frogor
09/12/2018, 12:47 AMtoo bad the traceback doesn't have the path in question
a
alessandrogario
09/12/2018, 12:47 AM
I don't know if this is what you were looking for, hope I didn't have Nick highlight you for nothing ๐
f
frogor
09/12/2018, 12:47 AMThat's exactly the kind of thing
๐ 2
frogor
09/12/2018, 12:48 AMI spun up another b10 machine today
frogor
09/12/2018, 12:48 AMI'll try the same query
g
groob
09/12/2018, 1:11 AM
@obelisk is tracking Mojave issues here https://github.com/facebook/osquery/issues/4493
groob
09/12/2018, 1:13 AM
on b10 I dont get a crash, I just get no results
groob
09/12/2018, 1:19 AM
maybe I am missing something in the query
groob
09/12/2018, 1:21 AM
eh, i even get results
groob
09/12/2018, 1:21 AM
now that I have an ssh key
groob
09/12/2018, 1:22 AM
i can see that @spookerlabs has this issue on 10.13, so my guess itโs another problem
s
sharvil
09/12/2018, 7:26 AMMaybe boost::fs issue similar to this one? https://github.com/facebook/osquery/pull/5208 โ I know thatโs a windows issue, but maybe there is an unhandled boost exception here too.
sharvil
09/12/2018, 8:20 AMAnd maybe relatedly https://github.com/facebook/osquery/issues/3279 which @zwass has encountered before
2 Views