Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-03 Thread John Paul Adrian Glaubitz
Hi Daniel! On 3/3/21 8:38 PM, Daniel Kiper wrote: >> I'm not sure I'm able to follow the motivation to keep the naming scheme >> as is. >> >> If I have an option called "DISABLE_FEATURE_X", then I would expect setting >> it to "true" would mean that the feature is disabled not the other way >>

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-03 Thread Daniel Kiper
On Wed, Mar 03, 2021 at 07:43:23PM +0100, John Paul Adrian Glaubitz wrote: > Hi Daniel! > > On 3/3/21 2:13 PM, Daniel Kiper wrote: > >> This is confusing: now to get boot entries from os-prober one have to > >> set: > >> GRUB_DISABLE_OS_PROBER=true > >> in /etc/default/grub. > >> > >> Either

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-03 Thread Didier Spaier
Le 03/03/2021 à 20:05, Lennart Sorensen a écrit : On Wed, Mar 03, 2021 at 07:43:23PM +0100, John Paul Adrian Glaubitz wrote: I'm not sure I'm able to follow the motivation to keep the naming scheme as is. If I have an option called "DISABLE_FEATURE_X", then I would expect setting it to

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-03 Thread Lennart Sorensen
On Wed, Mar 03, 2021 at 07:43:23PM +0100, John Paul Adrian Glaubitz wrote: > I'm not sure I'm able to follow the motivation to keep the naming scheme > as is. > > If I have an option called "DISABLE_FEATURE_X", then I would expect setting > it to "true" would mean that the feature is disabled not

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-03 Thread John Paul Adrian Glaubitz
Hi Daniel! On 3/3/21 2:13 PM, Daniel Kiper wrote: >> This is confusing: now to get boot entries from os-prober one have to >> set: >> GRUB_DISABLE_OS_PROBER=true >> in /etc/default/grub. >> >> Either revert that, or (better, in my opinion) label the variable >> GRUB_ENABLE_OS_PROBER and set it to

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-03 Thread Lennart Sorensen
On Wed, Mar 03, 2021 at 02:13:04PM +0100, Daniel Kiper wrote: > On Tue, Mar 02, 2021 at 10:49:16PM +0100, Didier Spaier wrote: > > Le 02/03/2021 à 19:02, Daniel Kiper a écrit : > > > From: Alex Burmashev > > > diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in > > > index

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-03 Thread Daniel Kiper
On Tue, Mar 02, 2021 at 10:49:16PM +0100, Didier Spaier wrote: > Le 02/03/2021 à 19:02, Daniel Kiper a écrit : > > From: Alex Burmashev > > diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in > > index 1b91c102f..80685b15f 100644 > > --- a/util/grub.d/30_os-prober.in > > +++

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-02 Thread Didier Spaier
Le 02/03/2021 à 19:02, Daniel Kiper a écrit : From: Alex Burmashev diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in index 1b91c102f..80685b15f 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -26,7 +26,8 @@ export TEXTDOMAINDIR="@localedir@"

[SECURITY PATCH 116/117] templates: Disable the os-prober by default

2021-03-02 Thread Daniel Kiper
From: Alex Burmashev The os-prober is enabled by default what may lead to potentially dangerous use cases and borderline opening attack vectors. This patch disables the os-prober, adds warning messages and updates GRUB_DISABLE_OS_PROBER configuration option documentation. This way we make it