git.ipfire.org Git - thirdparty/grub.git/commit

author	Alex Burmashev <alexander.burmashev@oracle.com>
	Tue, 16 Feb 2021 10:12:12 +0000 (11:12 +0100)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 2 Mar 2021 14:54:20 +0000 (15:54 +0100)
commit	e346414725a70e5c74ee87ca14e580c66f517666
tree	f028e903009b2beec7e610eb932709fdd7b9a452	tree
parent	42facd577231cf5ffe4c7128fed15b7e7d99cbca	commit \| diff

templates: Disable the os-prober by default

The os-prober is enabled by default what may lead to potentially
dangerous use cases and borderline opening attack vectors. This
patch disables the os-prober, adds warning messages and updates
GRUB_DISABLE_OS_PROBER configuration option documentation. This
way we make it clear that the os-prober usage is not recommended.

Simplistic nature of this change allows downstream vendors, who
really want os-prober to be enabled out of the box in their
relevant products, easily revert to it's old behavior.

Reported-by: NyankoSec (<nyanko@10x.moe>, https://twitter.com/NyankoSec),
working with SSD Secure Disclosure
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

docs/grub.texi		diff \| blob \| blame \| history
util/grub.d/30_os-prober.in		diff \| blob \| blame \| history