Bug #873
closed
suricata.yaml: .mgc is NOT actually added to value for magic file
Added by Mark Solaris over 11 years ago.
Updated about 5 years ago.
Description
The suricata.yaml file states that the value you specify for 'magic-file' will then have the .mgc suffix appended.
# Magic file. The extension .mgc is added to the value here.
magic-file: /usr/local/share/misc/magic
There's no code to support this advice:
host:/var/tmp/suricata-1.4.3 root# grep mgc * */* */*/*
configure: e_magic_file="/usr/local/share/misc/magic.mgc"
configure: e_magic_file="/usr/local/share/misc/magic.mgc"
configure: e_magic_file="/usr/local/share/file/magic.mgc"
configure: e_magic_file="$e_winbase\\\\magic.mgc"
configure.ac: e_magic_file="/usr/local/share/misc/magic.mgc"
configure.ac: e_magic_file="/usr/local/share/misc/magic.mgc"
configure.ac: e_magic_file="/usr/local/share/file/magic.mgc"
configure.ac: e_magic_file="$e_winbase\\\\magic.mgc"
suricata.yaml:# Magic file. The extension .mgc is added to the value here.
suricata.yaml.in:# Magic file. The extension .mgc is added to the value here.
and the program bombs out:
11/7/2013 -- 12:32:30 - <Info> - using magic-file /usr/local/share/misc/magic
11/7/2013 -- 12:32:30 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/usr/local/share/misc/magic": No such file or directory
host:/apps/ids/suricata root# ls -aCF /usr/local/share/misc
total 5133
drwxr-xr-x 2 root root 3 Jul 10 12:57 ./
drwxr-xr-x 28 root root 28 Jul 10 16:54 ../
-rw-r--r-- 1 root root 2606480 Jul 2 18:32 magic.mgc
The suricata.yaml[.in] file needs to be updated to remove the statement about '.mgc' being automatically appended.
- Target version set to TBD
- Assignee set to Andreas Herz
Can confirm the issue on Arch Linux.
- Subject changed from 1.4.3: suricata.yaml: .mgc is NOT actually added to value for magic file to suricata.yaml: .mgc is NOT actually added to value for magic file
The problem is that we check with fdopen if the file exists, which also works when a directory exists. So in the case of Debian, fdopen is != NULL as it has the /usr/share/file/magic dir (which is the line in suricata.yaml). But the magic_load function afterwards adds .mgc itself, so on Debian no one noticed the issue.
But on Arch Linux there is /usr/share/file/misc/magic.mgc but no dir /usr/share/file/misc/magic, so there you're forced to add .mgc in the suricata.yaml (or mkdir /usr/share/file/misc/magic :p).
So we have 2 solutions:
- fix the code so we will print an error
- change the description in the yaml (easier and we don't have to deal with all the issues with different locations in the systems within configure.ac)
Thoughts?
Andreas Herz wrote:
So we have 2 solutions:
- fix the code so we will print an error
- change the description in the yaml (easier and we don't have to deal with all the issues with different locations in the systems within configure.ac)
I would fix the code, since every installation will have been configured for the original description. The low effort approach in this case means lower quality of code and will annoy the user base.
Yeah we can probably work around this in the code. E.g. do magic_load first on the path provided, if it fails run it again on the path with .mgc appended.
magic_load is not the issue since it adds .mgc itself if needed; the problem is the part before.
So if .mgc is not added in the config file, we check for a directory instead of a file. So we can use stat to check if it's a directory and error out, which breaks old configs, or just add .mgc to the config value and see if we really got the file.
- Status changed from New to Closed
- Target version changed from TBD to 3.0.1RC1
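The two filesystem layouts described in this thread, reproduced as an added example (not Suricata's code and not the fix that was committed). It assumes the existence check is a plain `fopen(path, "r")`; `resolve_magic_path` and `make_layout` are hypothetical helpers, and the temp directories are constructed test data.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Existence check as discussed in the thread: on Linux, fopen(path, "r") also succeeds for a directory. */
static int fopen_accepts(const char *path) {
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return 0;
    fclose(fp);
    return 1;
}

static int is_regular_file(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* Hypothetical helper: 0 if the configured path is a regular file, 1 if only
 * path + ".mgc" is, -1 if neither (out then holds the last path tried). */
static int resolve_magic_path(const char *configured, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s", configured);
    if (n < 0 || (size_t)n + 4 >= outlen) return -1;   /* no room for ".mgc" */
    if (is_regular_file(out)) return 0;
    snprintf(out + n, outlen - (size_t)n, ".mgc");
    return is_regular_file(out) ? 1 : -1;
}

/* Constructed layout in a fresh temp dir: always base/magic.mgc; base/magic/ only when with_dir is set. */
static int make_layout(char *base_template, int with_dir) {
    char p[512];
    FILE *fp;
    if (mkdtemp(base_template) == NULL) return -1;
    snprintf(p, sizeof(p), "%s/magic.mgc", base_template);
    if ((fp = fopen(p, "w")) == NULL) return -1;
    fclose(fp);
    snprintf(p, sizeof(p), "%s/magic", base_template);
    return with_dir ? mkdir(p, 0700) : 0;
}

int main(void) {
    char deb[] = "/tmp/magic_deb_XXXXXX", arch[] = "/tmp/magic_arch_XXXXXX", cfg[512], out[512];
    if (make_layout(deb, 1) != 0 || make_layout(arch, 0) != 0) return 1;
    snprintf(cfg, sizeof(cfg), "%s/magic", deb);    /* directory and .mgc file both present */
    printf("dir + file: fopen=%d resolve=%d %s\n", fopen_accepts(cfg), resolve_magic_path(cfg, out, sizeof(out)), out);
    snprintf(cfg, sizeof(cfg), "%s/magic", arch);   /* only the .mgc file present */
    printf("file only:  fopen=%d resolve=%d %s\n", fopen_accepts(cfg), resolve_magic_path(cfg, out, sizeof(out)), out);
    return 0;
}
```

With the `stat()` check, the same configured value resolves to the `.mgc` file in both layouts, and a path that matches nothing is reported instead of being masked by a directory of the same name.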