In the recent updates the Manjaro-Team disabled os-prober by default stating “security issues”. When I read the announcements it just linkes to some webpages stating “borderline atack vectors”.
When I’m searching the internet using my search engine I just get some ten year old forum-messages about disabling os-prober. Therefore I’ve the questions: About which atack vectors are we talkig? What atack’s is this preventing? Which knowledge changed since 2010?
Note: This is only for my information.
Thanks for your answer in advance.
(Note: I did not find a better fitting section than the support option. If there is one, please move it there.)
Thanks for your replay!
Unfortunatelly 2 out of your 4 quotes just solves the problem that my other OS is not found in grub. Nevertheless I wanted to know what security issues the os-prober-feature has.
There is one link, with which I may can imagine a scenario(For which I was searching): https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021
If we consider CVE-2021-3418 then it is possible to store a modified kernel which is then recognised by os-prober as a normal os and GRUB boots that. Is that true or am I on the wrong track?