Whichever you’re comfortable with, is fine.
I don’t know, default GRUB config file contains
# Uncomment this option to enable os-prober execution in the grub-mkconfig command
#GRUB_DISABLE_OS_PROBER=false
So to me it is disabled by default. Also, I don’t know what you’re talking about here
In order for os_prober to detect other operating systems installed on the same machine, it must mount all filesystems it finds and read them, which it must of course do with root privileges.
Reading foreign filesystems may cause some undesirable — read: intentionally malicious — code to get loaded into memory, and considering that it’s being read into the memory context of a root-owned process, this could pave the way for an exploit.
It worked.
1 Like
Yup. That seems more elegant.
This is what Ubuntu had to say at the time:
Os-prober is inherently insecure as it mounts all partitions on your disk using grub-mount to check them for other OS, which is not a nice thing to do as root as you can exploit bugs in the filesystem code easily.
From GRUB Manual 2.12: ‘GRUB_DISABLE_OS_PROBER’:
… It is disabled by default since automatic and silent execution of os-prober, and creating boot entries based on that data, is a potential attack vector. Set this option to ‘false’ to enable this feature in the grub-mkconfig command.*…
Or, simply search for ‘Why is os-prober disabled by default?’ for hundreds of variations.
And all is right with the Universe! 
Fortunately, I do. 
1 Like
In that case, please mark the appropriate post — whose ever it was — as the solution.
It’s arguably supposed to be, yes; but clearly not with the ISO’s I’ve used in the past few weeks when setting up multiboot scenario’s. It surprised me that I didn’t need to edit /etc/default/grub at all - the line must have been already uncommented.
Thanks for the clarification.
1 Like
This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.