grub2/0196-Revert-templates-Disable-the-os-prober-by-default.patch
Javier Martinez Canillas 61745502ab
Update to 2.06~rc1 to fix a bunch of CVEs
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-03-15 09:50:34 +01:00

70 lines
3.3 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 12 Mar 2021 23:26:15 +0100
Subject: [PATCH] Revert "templates: Disable the os-prober by default"
This reverts commit e346414725a70e5c74ee87ca14e580c66f517666.
---
docs/grub.texi | 18 ++++++++----------
util/grub.d/30_os-prober.in | 5 +----
2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index cb5804fd6fe..d183575bc18 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1526,13 +1526,10 @@ boot sequence. If you have problems, set this option to @samp{text} and
GRUB will tell Linux to boot in normal text mode.
@item GRUB_DISABLE_OS_PROBER
-The @command{grub2-mkconfig} has a feature to use the external
-@command{os-prober} program to discover other operating systems installed on
-the same machine and generate appropriate menu entries for them. It is disabled
-by default since automatic and silent execution of @command{os-prober}, and
-creating boot entries based on that data, is a potential attack vector. Set
-this option to @samp{false} to enable this feature in the
-@command{grub2-mkconfig} command.
+Normally, @command{grub2-mkconfig} will try to use the external
+@command{os-prober} program, if installed, to discover other operating
+systems installed on the same system and generate appropriate menu entries
+for them. Set this option to @samp{true} to disable this.
@item GRUB_OS_PROBER_SKIP_LIST
List of space-separated FS UUIDs of filesystems to be ignored from os-prober
@@ -1860,9 +1857,10 @@ than zero; otherwise 0.
@section Multi-boot manual config
Currently autogenerating config files for multi-boot environments depends on
-os-prober and has several shortcomings. Due to that it is disabled by default.
-It is advised to use the power of GRUB syntax and do it yourself. A possible
-configuration is detailed here, feel free to adjust to your needs.
+os-prober and has several shortcomings. While fixing it is scheduled for the
+next release, meanwhile you can make use of the power of GRUB syntax and do it
+yourself. A possible configuration is detailed here, feel free to adjust to your
+needs.
First create a separate GRUB partition, big enough to hold GRUB. Some of the
following entries show how to load OS installer images from this same partition,
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 7591edc58ed..3c9431cfcfb 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -26,8 +26,7 @@ export TEXTDOMAINDIR="@localedir@"
. "$pkgdatadir/grub-mkconfig_lib"
-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
- gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
exit 0
fi
@@ -40,8 +39,6 @@ OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
if [ -z "${OSPROBED}" ] ; then
# empty os-prober output, nothing doing
exit 0
-else
- grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
fi
osx_entry() {