[Bug 495423] Re: update to grub-pc writes MBR without checks, prompt or backup

WSC 495423 at bugs.launchpad.net
Wed Jul 27 12:06:52 UTC 2011


I can confirm this bug (looks more like plain stupidity than a bug) and
it affected me badly.

Never ever should an update of anything touch the MBR or 'autoidiotically' change vital system areas
unless explicitly told to do so by the admin.

> Would it be easier to detect other bootloaders?

No. No one can know of all or even most of the bootloaders in use, much less how to detect them reliably.
I.e. there can be a govt-mandated security assessment under its own boot manager that few people
will ever see.

Fix:

There is /boot/grub or /etc/default/grub to use for a flag on whether messing with the MBR is allowed.
If the user/admin agrees to it during install, put either a grub_can_mess_with_mbr.yes file into the /boot/grub directory
or fill in GRUB_CAN_MESS_WITH_MBR=yes in a suitable script in /etc/grub.d and transfer it to grub.cfg
for inspection. Also, GRUB_INSTALL_TO_DEV= or GRUB_INSTALL_TO_UUID= need to be introduced
and RESPECTED.
 

P.S. It is a CRITICAL bug. In fact, due to this stupidity of the grub2 update I am now told to purge Ubuntu from
ALL places in my organization, after a few years' battle for being allowed to install Ubuntu on less important
production machines.

System: 10.04 LTS / dual boot with nationa

-- 
https://bugs.launchpad.net/bugs/495423

Title:
  update to grub-pc writes MBR without checks, prompt or backup

Status in “grub2” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: grub

  Booted laptop from external USB HDD containing Karmic.

  Installed updates. One of the updates is to grub.

  Internal drive contains a full-disk encrypted Windows installation.

  Update to grub writes the grub MBR to the internal disk, instead of
  the disk that grub booted the original MBR from.

  On a standard Windows install I would have considered this merely
  annoying, because I could have replaced the MBR easily enough. On this
  install I have to get one of the support techs to "bless" the disk
  with a special bootloader and the "Code of the Day".

  This is a more general case of #112239 "GRUB writes to wrong MBR and
  destroys RAID setup"

  Suggestions:

   - Where multiple disks present, always prompt the user for the disk to put the MBR on. This would help prevent these problems.
     - Make the prompt nice and clear, disk descriptors, sizes, etc
   - When UPDATING grub, only write the MBR to a disk that has a recognized grub MBR on it already.
     - It's not an "install" (and be damned), it's an update
   - Whenever you write any MBR, write the previous MBR data to a permanent log file. This way it can be restored afterwards.

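
The two safeguards the bug description asks for (update only a disk that already carries a GRUB MBR, and save the previous MBR before any write), as an added shell example that is not code from GRUB, Ubuntu or anyone in this thread. The function names, the "GRUB" string heuristic and the write of only the 440-byte boot code area are assumptions made for illustration; the sample sectors are constructed.

```sh
#!/bin/sh
# Added example (not GRUB or Ubuntu code). Function names are hypothetical.
# Try it on image files built with make_image before any real disk.

# mbr_is_grub DISK: true if sector 0 ends in the 0x55AA boot signature and
# its 440-byte boot code area contains "GRUB" (a heuristic, assumed here).
mbr_is_grub() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ] || return 1
    dd if="$1" bs=440 count=1 2>/dev/null | LC_ALL=C grep -q GRUB
}

# backup_mbr DISK DIR: copy the whole first sector (boot code, disk
# signature, partition table) to a timestamped file and print its path.
backup_mbr() {
    mkdir -p "$2" || return 1
    out="$2/mbr-$(basename "$1")-$(date -u +%Y%m%dT%H%M%SZ).bin"
    dd if="$1" of="$out" bs=512 count=1 2>/dev/null || return 1
    printf '%s\n' "$out"
}

# guarded_mbr_update DISK NEWBOOT DIR: exit status 2 and no write unless
# DISK already carries GRUB; otherwise back up first, then replace only the
# 440 bytes of boot code, leaving the partition table untouched.
guarded_mbr_update() {
    mbr_is_grub "$1" || { echo "refusing: no GRUB MBR on $1" >&2; return 2; }
    saved=$(backup_mbr "$1" "$3") || return 1
    dd if="$2" of="$1" bs=440 count=1 conv=notrunc 2>/dev/null || return 1
    printf '%s\n' "$saved"
}

# make_image FILE TEXT: constructed 512-byte sector for trying the functions:
# TEXT at offset 0, zero fill, 0x55AA at offset 510. Not a real boot loader.
make_image() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '%s' "$2" | dd of="$1" conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}
```

A saved sector can be put back with `dd if=BACKUP of=DISK bs=512 count=1 conv=notrunc`, which restores the boot code and the partition table as they were at backup time.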



