e346414725
The os-prober is enabled by default what may lead to potentially dangerous use cases and borderline opening attack vectors. This patch disables the os-prober, adds warning messages and updates GRUB_DISABLE_OS_PROBER configuration option documentation. This way we make it clear that the os-prober usage is not recommended. Simplistic nature of this change allows downstream vendors, who really want os-prober to be enabled out of the box in their relevant products, easily revert to it's old behavior. Reported-by: NyankoSec (<nyanko@10x.moe>, https://twitter.com/NyankoSec), working with SSD Secure Disclosure Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
All executable files in this directory are processed in shell expansion order. 00_*: Reserved for 00_header. 10_*: Native boot entries. 20_*: Third party apps (e.g. memtest86+). The number namespace in-between is configurable by system installer and/or administrator. For example, you can add an entry to boot another OS as 01_otheros, 11_otheros, etc, depending on the position you want it to occupy in the menu; and then adjust the default setting via /etc/default/grub.