[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default
From: |
Daniel Kiper |
Subject: |
Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default |
Date: |
Wed, 3 Mar 2021 14:13:04 +0100 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Tue, Mar 02, 2021 at 10:49:16PM +0100, Didier Spaier wrote:
> Le 02/03/2021 à 19:02, Daniel Kiper a écrit :
> > From: Alex Burmashev <alexander.burmashev@oracle.com>
> > diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
> > index 1b91c102f..80685b15f 100644
> > --- a/util/grub.d/30_os-prober.in
> > +++ b/util/grub.d/30_os-prober.in
> > @@ -26,7 +26,8 @@ export TEXTDOMAINDIR="@localedir@"
> > . "$pkgdatadir/grub-mkconfig_lib"
> > -if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
> > +if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
> > + gettext_printf "os-prober will not be executed to detect other bootable
> > partitions.\nSystems on them will not be added to the GRUB boot
> > configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
> > exit 0
> > fi
>
> This is confusing: now to get boot entries from os-prober one have to
> set:
> GRUB_DISABLE_OS_PROBER=true
> in /etc/default/grub.
>
> Either revert that, or (better, in my opinion) label the variable
> GRUB_ENABLE_OS_PROBER and set it to false by default.
When we worked on this patch we considered that. However, after some
thinking we stated that renaming to GRUB_ENABLE_OS_PROBER will make
more confusion. So, we decided to stick to existing name even if it
is not the best one.
> Tested from grub pulled from git master with all patches committed.
Thank you for doing tests.
Daniel
- [SECURITY PATCH 101/117] kern/efi: Add initial stack protector implementation, (continued)
- [SECURITY PATCH 101/117] kern/efi: Add initial stack protector implementation, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 109/117] util/mkimage: Add an option to import SBAT metadata into a .sbat section, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 115/117] gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 104/117] util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 112/117] kern/misc: Split parse_printf_args() into format parsing and va_list handling, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 106/117] util/mkimage: Reorder PE optional header fields set-up, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 114/117] kern/misc: Add function to check printf() format against expected format, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/02
[SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error, Daniel Kiper, 2021/03/02
[SECURITY PATCH 110/117] grub-install-common: Add --sbat option, Daniel Kiper, 2021/03/02
[SECURITY PATCH 113/117] kern/misc: Add STRING type for internal printf() format handling, Daniel Kiper, 2021/03/02
[SECURITY PATCH 111/117] shim_lock: Only skip loading shim_lock verifier with explicit consent, Daniel Kiper, 2021/03/02