
Re: why is os-prober disabled by default



On Fri 14 Jul 2023 at 21:41:39 +0300, Teemu Likonen wrote:

> * 2023-07-14 20:32:41+0200, digitalmailing@gmx.de wrote:
> 
> > Is there a reason why GRUB_DISABLE_OS_PROBER=false in
> > /etc/default/grub is commented by default after installation of
> > bookworm or grub?
> 
> Yes. Release notes document tells about it briefly:
> 
>     5.1.11. GRUB no longer runs os-prober by default
> 
>     For a long time, grub has used the os-prober package to detect other
>     operating systems installed on a computer so that it can add them to
>     the boot menu. Unfortunately, that can be problematic in certain
>     cases (e.g. where guest virtual machines are running), so this has
>     now been disabled by default in the latest upstream release.
> 
> https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#grub-os-prober

Most Debian users' experience of guest virtual machines is likely to be
minimal, so the impact of having GRUB_DISABLE_OS_PROBER=false falls on
the majority. The change is an upstream one and Debian tends not
to go against such changes. This is the likely reason for not altering
what upstream has determined.

The reason for upstream's decision appears to be:

  os-prober is inherently insecure as it mounts all partitions
  on your disk using grub-mount to check them for other OS,
  which is not a nice thing to do as root as you can exploit
  bugs in the filesystem code easily.

-- 
Brian
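
Added example, not part of the message above and not Debian or GRUB code: a small audit function that reports whether the GRUB_DISABLE_OS_PROBER setting discussed in this thread leaves os-prober enabled. The function names and sample files are constructed; it assumes an unset, empty or commented variable means disabled, and treats any other value except true as enabled.

```shell
#!/bin/sh
# Added example (not from the thread): report whether grub-mkconfig would run
# os-prober, judged from GRUB_DISABLE_OS_PROBER in the given config files.
# Assumptions: unset, empty or commented means os-prober stays disabled, as
# the release notes quoted above describe; any other value except "true" is
# reported as enabled, the conservative reading for an audit.

# os_prober_state FILE...
# Prints "enabled" or "disabled" from the last uncommented assignment found
# across the readable FILEs. Files are parsed as text, never sourced, so the
# check executes nothing they contain.
os_prober_state() {
    for f do
        shift
        if [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    awk '
        /^[ \t]*#/ { next }                      # commented line: no effect
        /^[ \t]*(export[ \t]+)?GRUB_DISABLE_OS_PROBER=/ {
            v = $0
            sub(/^[^=]*=/, "", v)                # keep the right-hand side
            sub(/[ \t]*(#.*)?$/, "", v)          # drop a trailing comment
            gsub(/["\047]/, "", v)               # drop shell quotes
            last = v                             # later assignments win
        }
        END {
            s = (last != "" && last != "true") ? "enabled" : "disabled"
            print s
        }
    ' "$@" /dev/null
}

# Constructed sample: the commented default the thread asks about, then the
# same file after an administrator uncomments the line.
os_prober_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'GRUB_TIMEOUT=5' '#GRUB_DISABLE_OS_PROBER=false' > "$d/default"
    printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_DISABLE_OS_PROBER="false"  # dual boot' > "$d/changed"
    echo "default: $(os_prober_state "$d/default")"
    echo "changed: $(os_prober_state "$d/changed")"
    rm -rf "$d"
}

os_prober_demo
```

On a real system, pass /etc/default/grub followed by any other files your grub-mkconfig sources, in the order they are read.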

