[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 116/117] templates: Disable the os-prober by default
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 116/117] templates: Disable the os-prober by default |
Date: |
Tue, 2 Mar 2021 19:02:03 +0100 |
From: Alex Burmashev <alexander.burmashev@oracle.com>
The os-prober is enabled by default what may lead to potentially
dangerous use cases and borderline opening attack vectors. This
patch disables the os-prober, adds warning messages and updates
GRUB_DISABLE_OS_PROBER configuration option documentation. This
way we make it clear that the os-prober usage is not recommended.
Simplistic nature of this change allows downstream vendors, who
really want os-prober to be enabled out of the box in their
relevant products, easily revert to it's old behavior.
Reported-by: NyankoSec (<nyanko@10x.moe>, https://twitter.com/NyankoSec),
working with SSD Secure Disclosure
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
docs/grub.texi | 18 ++++++++++--------
util/grub.d/30_os-prober.in | 5 ++++-
2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index 2f2ae2228..cb5fe6e08 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1519,10 +1519,13 @@ boot sequence. If you have problems, set this option
to @samp{text} and
GRUB will tell Linux to boot in normal text mode.
@item GRUB_DISABLE_OS_PROBER
-Normally, @command{grub-mkconfig} will try to use the external
-@command{os-prober} program, if installed, to discover other operating
-systems installed on the same system and generate appropriate menu entries
-for them. Set this option to @samp{true} to disable this.
+The @command{grub-mkconfig} has a feature to use the external
+@command{os-prober} program to discover other operating systems installed on
+the same machine and generate appropriate menu entries for them. It is disabled
+by default since automatic and silent execution of @command{os-prober}, and
+creating boot entries based on that data, is a potential attack vector. Set
+this option to @samp{false} to enable this feature in the
+@command{grub-mkconfig} command.
@item GRUB_OS_PROBER_SKIP_LIST
List of space-separated FS UUIDs of filesystems to be ignored from os-prober
@@ -1850,10 +1853,9 @@ than zero; otherwise 0.
@section Multi-boot manual config
Currently autogenerating config files for multi-boot environments depends on
-os-prober and has several shortcomings. While fixing it is scheduled for the
-next release, meanwhile you can make use of the power of GRUB syntax and do it
-yourself. A possible configuration is detailed here, feel free to adjust to
your
-needs.
+os-prober and has several shortcomings. Due to that it is disabled by default.
+It is advised to use the power of GRUB syntax and do it yourself. A possible
+configuration is detailed here, feel free to adjust to your needs.
First create a separate GRUB partition, big enough to hold GRUB. Some of the
following entries show how to load OS installer images from this same
partition,
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 1b91c102f..80685b15f 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -26,7 +26,8 @@ export TEXTDOMAINDIR="@localedir@"
. "$pkgdatadir/grub-mkconfig_lib"
-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
+ gettext_printf "os-prober will not be executed to detect other bootable
partitions.\nSystems on them will not be added to the GRUB boot
configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
exit 0
fi
@@ -39,6 +40,8 @@ OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
if [ -z "${OSPROBED}" ] ; then
# empty os-prober output, nothing doing
exit 0
+else
+ grub_warn "$(gettext_printf "os-prober was executed to detect other bootable
partitions.\nIt's output will be used to detect bootable binaries on them and
create new boot entries.")"
fi
osx_entry() {
--
2.11.0
- [SECURITY PATCH 103/117] util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32(), (continued)
- [SECURITY PATCH 103/117] util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 105/117] util/mkimage: Unify more of the PE32 and PE32+ header set-up, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 101/117] kern/efi: Add initial stack protector implementation, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 109/117] util/mkimage: Add an option to import SBAT metadata into a .sbat section, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 115/117] gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 104/117] util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 112/117] kern/misc: Split parse_printf_args() into format parsing and va_list handling, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 106/117] util/mkimage: Reorder PE optional header fields set-up, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 114/117] kern/misc: Add function to check printf() format against expected format, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 116/117] templates: Disable the os-prober by default,
Daniel Kiper <=
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/02
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
[SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error, Daniel Kiper, 2021/03/02
[SECURITY PATCH 110/117] grub-install-common: Add --sbat option, Daniel Kiper, 2021/03/02