osquery/osquery

`wifi_status` table missing fields on macOS

Opened this issue · 2 comments

Bug report

I know Apple has been removing bssid access. But I was somewhat surprised not to see ssid and network_name populated.

In the same vein, maybe we should update the schema.

```
$ sudo  .../5.10.2/osqueryd -S

osquery> select * from os_version;
+-------+---------+-------+-------+-------+----------+----------+---------------+----------+-------+-------+
| name  | version | major | minor | patch | build    | platform | platform_like | codename | arch  | extra |
+-------+---------+-------+-------+-------+----------+----------+---------------+----------+-------+-------+
| macOS | 14.2    | 14    | 2     |       | 23C5047e | darwin   | darwin        |          | arm64 |       |
+-------+---------+-------+-------+-------+----------+----------+---------------+----------+-------+-------+

osquery> select version from osquery_info;
+---------+
| version |
+---------+
| 5.10.2  |
+---------+

osquery> select * from wifi_status;
+-----------+------+-------+--------------+--------------+---------------+------+-------+---------+---------------+--------------+---------------+---------+
| interface | ssid | bssid | network_name | country_code | security_type | rssi | noise | channel | channel_width | channel_band | transmit_rate | mode    |
+-----------+------+-------+--------------+--------------+---------------+------+-------+---------+---------------+--------------+---------------+---------+
| en0       |      |       |              |              | Unknown       | -52  | -92   | 36      | 40            | 5            | 573.000000    | Station |
+-----------+------+-------+--------------+--------------+---------------+------+-------+---------+---------------+--------------+---------------+---------+
```

What operating system and version are you using?

```
osquery> SELECT version, build, platform FROM os_version;
 version = 14.2
   build = 23C5047e
platform = darwin
```

What version of osquery are you using?

```
osquery> SELECT version from osquery_info;;
version = 5.10.2
```

What steps did you take to reproduce the issue?

```
select * from wifi_status
```

What did you expect to see?

ssid and network_name columns

What did you see instead?

They were blank

Hello @directionless, I do see the columns themselves, but yes, they are empty for me too. Please check the screenshot below.

image

This is since Sonoma; I had to do a hotfix for 5.10.2 because wifi_survey was crashing due to an empty ssid: #8153

Apparently, to get that information now, the Location Services must be active, and the app has to have the authorization.
Given, though, that osquery doesn't on its own appear in the allowable list of apps, there's the additional step of requesting the auth by code.
I found some discussions about it here: https://developer.apple.com/forums/thread/732431
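For anyone consuming `wifi_status` results from a fleet, the blank columns described in this thread can be told apart from an interface that is simply not associated. The following is an added example, not code from osquery or from the commenters; the `host` and `os_major` fields, the state names and the "rssi and channel populated means associated" heuristic are assumptions, and the sample rows are constructed (the first mirrors the output in this issue).

```python
import json

# Constructed sample rows in osquery's JSON shape (every value is a string).
# `host` and `os_major` are hypothetical decorations, e.g. joined from os_version.
SAMPLE_ROWS = json.loads("""
[
  {"host": "mac-a", "os_major": "14", "interface": "en0", "ssid": "",
   "network_name": "", "security_type": "Unknown", "rssi": "-52", "channel": "36"},
  {"host": "mac-b", "os_major": "13", "interface": "en0", "ssid": "corp-wifi",
   "network_name": "corp-wifi", "security_type": "WPA2 Enterprise",
   "rssi": "-60", "channel": "149"},
  {"host": "mac-c", "os_major": "14", "interface": "en0", "ssid": "",
   "network_name": "", "security_type": "", "rssi": "", "channel": ""}
]
""")

IDENTITY_COLUMNS = ("ssid", "network_name")
SONOMA_MAJOR = 14  # the thread reports the blank columns "since Sonoma" (macOS 14)


def has_link(row):
    """Assumption: a populated, non-zero rssi and channel mean the radio is associated."""
    return all(row.get(col, "") not in ("", "0") for col in ("rssi", "channel"))


def classify(row):
    """Label one wifi_status row so blank SSIDs are not read as 'no Wi-Fi'."""
    if any(row.get(col) for col in IDENTITY_COLUMNS):
        return "identified"
    if not has_link(row):
        return "not_associated"
    try:
        major = int(row.get("os_major", ""))
    except (TypeError, ValueError):
        major = 0  # unknown OS version: do not attribute the gap to Sonoma
    # Radio metrics present but identity columns empty: on macOS 14+ this matches
    # the Location Services gating described above; on older releases it does not.
    return "identity_withheld" if major >= SONOMA_MAJOR else "unexplained_blank"


def summarize(rows):
    """Map each host to its state for reporting or alert suppression."""
    return {row["host"]: classify(row) for row in rows}


if __name__ == "__main__":
    for host, state in summarize(SAMPLE_ROWS).items():
        print(f"{host}: {state}")
```
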