Fix kernel_info on OS X, remove md5

osquery/tables/system/darwin/kernel_info.cpp

@@ -118,7 +118,11 @@ QueryData genKernelInfo(QueryContext& context) {
   if (CFDictionaryGetValueIfPresent(
           properties, CFSTR("boot-file"), &property)) {
     r["path"] = stringFromCFData((CFDataRef)property);
+    std::replace(r["path"].begin(), r["path"].end(), '\\', '/');
     boost::trim(r["path"]);
+    if (!r["path"].empty() && r["path"][0] != '/') {
+      r["path"] = "/" + r["path"];
+    }
   }
   // No longer need chosen properties.
   CFRelease(properties);
@@ -138,12 +142,6 @@ QueryData genKernelInfo(QueryContext& context) {
     }
   }
 
-  // With the path and device, try to locate the on-disk kernel
-  if (r.count("path") > 0) {
-    // This does not use the device path, potential invalidation.
-    r["md5"] = hashFromFile(HASH_TYPE_MD5, "/" + r["path"]);
-  }
-
   results.push_back(r);
   return results;
 }

osquery/tables/system/linux/kernel_info.cpp

@@ -67,11 +67,6 @@ QueryData genKernelInfo(QueryContext& context) {
     VLOG(1) << "Cannot find kernel signature file: " << kKernelSignaturePath;
   }
 
-  // Using the path of the boot image, attempt to calculate a hash.
-  if (r.count("path") > 0) {
-    r["md5"] = hashFromFile(HASH_TYPE_MD5, r.at("path"));
-  }
-
   results.push_back(r);
   return results;
 }

specs/kernel_info.table

@@ -5,6 +5,5 @@ schema([
   Column("arguments", TEXT, "Kernel arguments"),
   Column("path", TEXT, "Kernel path"),
   Column("device", TEXT, "Kernel device identifier"),
-  Column("md5", TEXT, "MD5 hash of Kernel"),
 ])
 implementation("system/kernel_info@genKernelInfo")