
Some Windows Apps Make GRUB 2 Unbootable 429

Posted by timothy
from the windows-is-to-boot-out-not-up dept.
KwahAG writes "Colin Watson, one of the Ubuntu developers, published in his blog information about Windows applications making GRUB 2 unbootable. Users of dual-boot Windows/Linux installations may face the problem, which boils down to particular Windows applications (Colin does not name them, but users point at least to HP ProtectTools, PC Angel, Adobe Flexnet) blindly overwriting hard disk content between the MBR and the first partition destroying information already stored there, in this particular case — the 'core image' of GRUB 2 (GRand Unified Bootloader) making the system unbootable."

  • by guruevi (827432) <evi@@@smokingcube...be> on Saturday August 28, 2010 @05:28PM (#33405372) Homepage

    ... and that's the reason why BIOS 'virus protection' blocks access to that portion of the hard drive. Too bad that DRM breaks everything once again and too bad the mainstream of users isn't affected by it.

    • by mysidia (191772) on Saturday August 28, 2010 @05:33PM (#33405400)

      Nothing is supposed to be there except the user-installed system boot code, boot data, and hard drive parameters.

      Third party software certainly has no business messing with Sector 0 or the boot blocks unless it gets explicit permission, advises users of the risks in messing with the boot block, prompts the user to back anything up that's there right now, and writes its bits only to the portion of the boot block that is provided for its required purpose.

      It may detect bootloaders, and update their configuration, if the user accepts that, but bootloader configuration is generally stored on the boot volume, not the boot block.

      • by FuckingNickName (1362625) on Saturday August 28, 2010 @06:04PM (#33405560) Journal

        The "boot block" is precisely one sector right at the start of the fixed disk, with some space being taken up by the primary partition table, signature, etc. The problem is not Grub (and certain Windows software) writing to this area, but writing to unpartitioned space elsewhere on the drive.

        This is as wrong as looking at some filesystem, discovering that certain free blocks are unlikely to be allocated, and then using that space for storage.

  • by Nemyst (1383049) on Saturday August 28, 2010 @05:29PM (#33405378) Homepage
    Protecting your laptop from open source commies. And maybe viruses.
  • by Anonymous Coward on Saturday August 28, 2010 @05:33PM (#33405402)

    WTF is this "embedding area?" It sounds like GRUB is misusing the disk geometry to find unused space and then getting upset that other programs do that too.

    Googling for "embedding area" finds that it's a term that GRUB 2 made up and that it's not really a part of anything. In fact, apparently this space doesn't even exist under EFI systems, and that this "embedding area" is an artifact from DOS.

    So, basically, GRUB is misusing the disk to store information in a place it has no right to be touching, and then getting upset that other people make the same mistake. Genius.

    • by Spazmania (174582) on Saturday August 28, 2010 @05:44PM (#33405458) Homepage

      It makes sense for a bootloader to place data and code outside of partitioned space. It makes more sense to place the code inside a partition, even if it's a one-track partition dedicated to the bootloader. If they collided with components of Windows' bootloader or FreeBSD's bootloader, or some pre-boot hard disk encryption software I'd have little sympathy for them.

      On the other hand, user-level apps storing data on the hard disk outside of partitioned space is very bad mojo. They should not be doing that. Ever. Period.

      • Re: (Score:3, Interesting)

        by Sir_Sri (199544)

        which goes to the question of whether or not some of these programs really count as user level. Is anti virus user level? Well it can be, but what about one that blocks rootkits? What about one that is trying to do something crazy related to virtualization? What if HP just assumes you're either too stupid to use Ubuntu on your computer or are smart enough to not use their terrible software anyway?

        PC angel and HP protect conceivably live outside the OS level, well actually they do basically the same thing

        • by thsths (31372) on Sunday August 29, 2010 @04:57AM (#33407776)

          > Though adobe in this one looks like they deserve to be slapped around a bit, if the conjecture is accurate.

          Adobe deserve to be slapped around a bit (and then a bit more). Period.

          Otherwise I think the problem is (again) the BIOS. It only loads the 1st sector to boot, when 63 sectors (or 2048 with EFI) are reserved. Back in the old days you could just fit some FAT16 code in there to find the DOS image - but only at the expense of error handling. Nowadays you have to load the next stage from a fixed position - and the only position that is certainly fixed are the other 62 sectors. So they are the logical place for a boot loader.

          You could add a boot partition, but with only 4 partitions available, that would use up a very limited resource. And I guess even if you put a boot partition into the first 63 sectors (which is now perfectly possible), Adobe would still overwrite it (and Windows would possibly freak out).

      • by 0123456 (636235) on Saturday August 28, 2010 @06:40PM (#33405776)

        It makes sense for a bootloader to place data and code outside of partitioned space. It makes more sense to place the code inside a partition, even if it's a one-track partition dedicated to the bootloader.

        It would, if you could actually get more than four partitions on a hard drive with the 90+% of BIOSes which can't boot properly from a GPT drive.

        My new laptop came with _THREE_ recovery partitions and a Windows partition, so I had to delete one of the recovery partitions to be able to install Linux at all... where would I get another partition for Grub to run from without deleting all the recovery data?

        So the big problem is that we're still stuck with shitty MS-DOS disk formats from the 1980s.

        • Re: (Score:3, Informative)

          by couchslug (175151)

          "where would I get another partition for Grub to run from without deleting all the recovery data?"

          I just make recovery media and blow the old partitions away.

    • by FuckingNickName (1362625) on Saturday August 28, 2010 @05:54PM (#33405502) Journal

      Bingo. It is absolutely wrong to put data outside of partitioned space, and it is insane to blame something else for your own bug. Indeed, one security measure when installing a new system might be to zero out all unpartitioned space and then make sure nothing is ever written to it - Grub makes this impossible.

      Grub should use an existing partition to store all the bits which don't fit inside the MBR, following the lead of EFI system partitions if necessary but supporting various common filesystems otherwise. Instead they use an atrocious hack to try to make things look neat.

      • Re: (Score:3, Informative)

        by John Hasler (414242)

        Grub should use an existing partition to store all the bits which don't fit inside the MBR...

        We call that LILO.

        • by alexhs (877055) on Saturday August 28, 2010 @06:18PM (#33405650) Homepage Journal

          It's also called "GRUB with blocklists"

          You can find more here [archlinux.org],
          and in my other post [slashdot.org]

      • by MBCook (132727) <foobarsoft@foobarsoft.com> on Saturday August 28, 2010 @06:45PM (#33405812) Homepage

        If it's wrong to put data outside of partitioned space, what are these user space apps doing writing there? I can see a pretty good case for boot loaders doing this (the comment below about the 4 partition limit is one). Why is a copyright/licensing program writing there (which is what Flexnet seems to be)?

        What's to prevent one of these programs from overwriting the data another makes? How would you like it if every time you ran NewSuperGameWithDRM, Photoshop lost its license and forced you to phone home to reconfirm it?

        • Re: (Score:3, Insightful)

          by flimflammer (956759)

          There is really no good case for any program of any nature to write data into unpartitioned space. GRUB basically called dibs on the space and gave it their own flashy name (never heard of "embedding area"). Now that other programs are nulling out the space as it should not contain data, they're crying foul. GRUB should be placing the data it can't fit on the MBR into an existing partition, not mucking up unpartitioned space on the disk.

          For situations like PC Angel doing this, PC Angel is designed to restor

      • Re: (Score:3, Informative)

        by Skapare (16644)

        A 512 byte sector (MBR) does not have enough space for code to read a filesystem. So either you waste a whole partition just for the next bootloader stage ... which in the days of MBR partitions, there were not enough available to do that ... or you just sequence the sectors after the MBR, which then gives enough space to load minimal filesystem read-only support. LILO can play tricks to fake raw sectors inside a filesystem, but that is a very fragile setup that breaks whenever the filesystem is changed.

        I

  • Nothing to see here...Just proprietary companies fucking up some computers. What do they care? They've got a large market to serve that doesn't run our far-superior POSIX compatible kernels.

    I honestly hope there is a way to sue them, though I don't think there is.
    • Re: (Score:2, Interesting)

      by vux984 (928602)

      Just proprietary companies fucking up some computers.

      Does grub have any more reason to be there than these other companies? It looks like nobody is supposed to be there... including grub.

      • Re: (Score:3, Informative)

        by arose (644256)
        Yes, it does. GRUB deals with the boot process, it's one of the things that do have any business of being there.
        • Re:Move along (Score:4, Informative)

          by Anonymous Coward on Saturday August 28, 2010 @05:54PM (#33405498)

          Wrong, GRUB belongs in the MBR, not in some unpartitioned space that is not supposed to be of use, if they have a problem with that, just keep that thing (GRUB) small or create a partition.

          • Re: (Score:3, Interesting)

            by 0123456 (636235)

            Wrong, GRUB belongs in the MBR, not in some unpartitioned space that is not supposed to be of use, if they have a problem with that, just keep that thing (GRUB) small or create a partition.

            How do you plan to boot from an arbitrary Linux partition using a 512-byte boot loader?

            • Re:Move along (Score:4, Informative)

              by Dahamma (304068) on Saturday August 28, 2010 @07:39PM (#33406110)

              The way most other boot loaders have done it (including the original GRUB). Put enough code in the MBR to load the rest of the code and config out of a second location. The smart ones actually use a real partition for that, though, so no one overwrites it.

              • Re:Move along (Score:5, Interesting)

                by Nimey (114278) on Saturday August 28, 2010 @09:20PM (#33406486) Homepage Journal

                Heh, funnily enough that's exactly what Windows 7 does. If you install it to an empty drive, it'll create two partitions - one small one (a couple hundred megs?) for the boot loader, and the rest for Windows itself.

                • Re: (Score:3, Informative)

                  by Dahamma (304068)

                  Yeah, that's actually why most Linux distros recommend a "/boot" partition that is as simple as possible (ie ext2, not a journaling fs). Once the files are written to that partition, it stores the exact location of the executable and config files into the MBR so that it can find them.

                  At least that's how "GRUB 1" worked... sounds like "GRUB 2" tried to be clever and it didn't work out so well...

      • Re:Move along (Score:5, Insightful)

        by osu-neko (2604) on Saturday August 28, 2010 @06:18PM (#33405644)

        Does grub have any more reason to be there than these other companies?

        It does if I put it there. Nothing should be automatically written into partitioned space. Partitioning defines what areas of the disk I want to be automatically written to using whatever scheme I define by setting the partition type. Anything outside that, I'm free to manage any way I please. I can put a block-oriented FORTH program there if I like, individually managing "screen" loads and saves in the FORTH code. Or whatever. The point is, they're my blocks to do with as I like, and nothing should be written there except what I explicitly write there.

        Among other things, it does mean that if I choose to write GRUB data there, it should be perfectly safe there. If it isn't, that's a serious bug in whatever program overwrote the unpartitioned block(s).

    • Re: (Score:2, Insightful)

      by lgw (121541)

      They've got a large market to serve that doesn't run our far-superior POSIX compatible kernels.

      Windows (at least the current NT-based flavors) is POSIX compatible, you know.

      • Re: (Score:3, Informative)

        by RobertLTux (260313)

        sort of the same way a hummer is JATO compatible

        • by lgw (121541)

          Windows really is - it's just that "POSIX compatible" isn't a very useful label.

          • Re: (Score:2, Informative)

            by Anonymous Coward

            This isn't actually true. It used to be. Windows NT was POSIX.1 compatible (which is not very useful, and definitely doesn't imply that you can take POSIX software and run it on Windows NT without significant porting effort).

            But Microsoft removed that feature from Windows XP onwards. Now the only way to get POSIX compatibility in Windows is to download and install a separate component that adds limited POSIX capabilities. Frankly anyone who cares about POSIX will just use an actual UNIX or a clone like

      • by Jorl17 (1716772) on Saturday August 28, 2010 @06:35PM (#33405742)
        Oh, yes! Much like .NET is cross-platform! And the Windows API!!


        Oh, wait...
  • by Technomancer (51963) on Saturday August 28, 2010 @05:40PM (#33405432)

    While MBR has some function, the rest of sectors between MBR and the first partition was always a great area.
    Many MBR viruses put their stuff there. Many stupid programs use it to store DRM data, so they can check whether they were copied to other computer.
    If GRUB is using this region too, it is equally stupid. There is no protocol for allocating this area and there is no guarantee that this data is not going to be overwritten by any other stupid program.
    So nothing to see here, move along, it is just Core Wars between stupid programs.
    GRUB developers should have known better.

    • by sjames (1099) on Saturday August 28, 2010 @06:15PM (#33405630) Homepage

      There is a fairly strong convention there that userspace data goes in partitions and boot loaders low-level stuff go outside of partitions. The "unused" sectors on track 0 have long been considered as reserved for boot loader. It's even in the original specs.

      Yeah, viruses use that space sometimes, but by nature a virus ignores boundaries anyway, DRM, that is, software that hides itself from the user and makes the computer malfunction (by not doing the owner's bidding) is just a special case of virus.

  • by Andorin (1624303) on Saturday August 28, 2010 @05:40PM (#33405434)
    From the article:

    At least some occurrences of this are with software which writes a signature to the embedding area which hangs around even after uninstallation (even with one of those tools that tracks everything the installation process did and reverses it, I gather), so that you cannot uninstall and reinstall the application to defeat a trial period.

    So once again DRM is fucking with peoples' abilities to use their computers. Except this particular bit of DRM doesn't just screw with Windows; it could potentially screw with every OS on your drive (or screw with your ability to access them, at any rate).

    Yeah, it's not conventional DRM, but it's a form of DRM in that it restricts the user in some arbitrary way (and, I ought to add, breaks something else in the process... that too should be part of the definition of DRM).

  • Not surprised (Score:3, Insightful)

    by Murdoch5 (1563847) on Saturday August 28, 2010 @05:49PM (#33405470)
    Got to say this isn't surprising at all. Windows has never favored the dual boot setup. In the mind of Microsoft, their product should be the only one to touch the drive and that's it. Personally I run 2 dual boot setups. 1 on my notebook and 1 on my desktop. The amount of times that Windows has chosen to just overwrite grub and leave me with no way to get into Linux is amazing. What Microsoft should do to show they're a team player is put code into the install to detect a grub install and then append the correct entry into the grub file to setup the dual boot.

    I know this will very likely never happen but it would be a good step to be taken by Microsoft.
  • blindly overwriting hard disk content between the MBR and the first partition destroying information already stored there

    There's no allocation scheme nor some kind of magic number to identify the content in that zone, so there is no 'smart' way to write in that zone. You could check for zeroes, which is fine for a new disk, then ask the user if you find that the area has been previously written, but the user usually won't know and will only be confused.

    The 'smart' thing to do is not only to not write in that area (as reported, GRUB stage 1.5 can be erased), but also to not write in the MBR as too many OSes will overwrite

  • If these apps are writing outside the file system, and doing so in an undocumented fashion, is this not, in some sense, a definition of malicious activity?

  • by John Hasler (414242) on Saturday August 28, 2010 @05:58PM (#33405526) Homepage
    And yes, LILO is still supported and under development. LILO 23 [debian.org]
  • Isn't it about time we had the Linux, Windows, and OS X guys sit down and agree on a standard for booting into multiple Operating Systems that wasn't invented in the early 1990s? I mean, just create a VERY simple little standard everyone can agree on that simply allows boot loaders to be called.

    I know, I know, insanely wishful thinking. Unfortunately there is no benefit for either Apple or Microsoft to ever agree to even the concept of multi-boot since it is against their respective business models. May
    • Unfortunately there is no benefit for either Apple or Microsoft to ever agree to even the concept of multi-boot since it is against their respective business models.

      Um ... ever heard of Boot Camp? Apple not only "agrees" to multi-booting, they actively support it. Blame Microsoft for hostility to the concept all you want, but there's no reason to drag Apple into it.

    • I've often wished for this as well. There is no excuse for not having some sort of multi-OS standard for booting.
  • by Animats (122034) on Saturday August 28, 2010 @06:20PM (#33405660) Homepage

    The big headache is FLEXnet, Adobe's "license manager". It's a specialized rootkit that gives the remote licensing system access to the machine at a low level. Which is why it tends to break things a Windows application shouldn't be able to break. On Windows, it runs a background service and contacts a remote server frequently, sending undocumented information to the remote server and accepting update commands to change software already on the computer.

    FLEXnet is the successor to FlexLM, a licensing system from the 1980s. [wikipedia.org] It started as a UNIX product. It's been owned at various times by Highland, Globetrotter, Macrovision, and Thoma Cressey Bravo. It was unreliable in the 1990s, and the passage of time does not seem to have improved things.

    In general, it's best to avoid buying Adobe products which install the FLEXnet license server.

    • Flexlm rant (Score:5, Interesting)

      by dbIII (701233) on Saturday August 28, 2010 @09:29PM (#33406520)
      Flexlm is about as evil a piece of software I've ever seen. It only exists to punish the innocent that have actually paid for the licence and to fleece the software vendors that have paid for this bit of rubbish that is easier to circumvent than it is to use. Due to compatibility bugs I'm still running a fucking RedHat7.2 machine just to feed the other Centos5 machines a licence - so one machine doing nothing but burning electricity and handing out a licence. Running it in a VM would of course void the licence, as would one of the many simple workarounds to disable flexlm.
      A later MS Windows version I had the misfortune to use had a Y2K bug in 2008! With an update our perpetual licences were marked as expired in 2000. It took two weeks to get a fix out of Macrovision.
  • by McD (209994) on Saturday August 28, 2010 @06:50PM (#33405836)

    We've been down this road before. In 2003, Intuit's Turbo Tax (for tax year 2002) pulled the same stunt [goodells.net], indiscriminately overwriting sectors at the beginning of the disk (outside any partition) and trashing people's bootloaders.

    All in the futile pursuit of DRM. That's reason enough for me to use Tax Cut, instead, every year since.

  • Nothing new (Score:4, Interesting)

    by eggman9713 (714915) <{eggman97132007} {at} {mac.com}> on Saturday August 28, 2010 @08:31PM (#33406326)
    This has been a problem with older versions of Dreamweaver. As part of the copy protection, it would write data to the space between the MBR and the first partition. Steve Gibson talked about it on Security Now episode 132 (circa 2008) when discussing how this issue fubar'd TrueCrypt (unless you had a recovery CD) just after it came out with its whole-disk encryption ability.
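
Added example (not part of the original thread, and not code from GRUB or any product named above): a Python sketch that parses an MBR, locates the sectors between it and the first partition that the comments argue about, and reports which of them hold data and which changed between two snapshots. The function names, the 63-sector sample layout and the filler bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0):
    """Return (type, start_lba, sector_count) for each used primary entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector0[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:    # type 0 marks an unused slot
            parts.append((entry[4], start, count))
    return parts

def gap_bounds(image):
    """Return (1, first_partition_lba): the half-open LBA range after the MBR."""
    parts = parse_mbr(image[:SECTOR])
    if not parts:
        raise ValueError("no partitions defined")
    if any(ptype == 0xEE for ptype, _, _ in parts):
        raise ValueError("protective MBR: sectors after LBA 0 hold the GPT")
    first = min(start for _, start, _ in parts)
    if len(image) < first * SECTOR:
        raise ValueError("image does not cover the whole gap")
    return 1, first

def gap_report(image):
    """Summarise the post-MBR gap: size, sectors in use, and a baseline hash."""
    lo, hi = gap_bounds(image)
    sectors = [image[n * SECTOR:(n + 1) * SECTOR] for n in range(lo, hi)]
    return {
        "first_partition_lba": hi,
        "gap_sectors": hi - lo,
        "nonzero_sectors": [lo + i for i, s in enumerate(sectors) if any(s)],
        "sha256": hashlib.sha256(b"".join(sectors)).hexdigest(),
    }

def changed_sectors(baseline, current):
    """LBAs inside the baseline's gap whose contents differ between images."""
    lo, hi = gap_bounds(baseline)
    if len(current) < hi * SECTOR:
        raise ValueError("current image does not cover the whole gap")
    return [n for n in range(lo, hi)
            if baseline[n * SECTOR:(n + 1) * SECTOR]
            != current[n * SECTOR:(n + 1) * SECTOR]]

def build_sample_image(first_lba=63, used=range(1, 11)):
    """Constructed image: one Linux partition at first_lba, filler in the gap."""
    img = bytearray((first_lba + 1) * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x83, b"", first_lba, 2048)
    img[510:512] = b"\x55\xaa"
    for lba in used:                        # stand-in bytes, not real GRUB code
        img[lba * SECTOR:(lba + 1) * SECTOR] = bytes([lba]) * SECTOR
    return bytes(img)

if __name__ == "__main__":
    before = build_sample_image()
    after = bytearray(before)
    after[5 * SECTOR:6 * SECTOR] = b"SIG!" * (SECTOR // 4)  # constructed overwrite
    print(gap_report(before))
    print("changed LBAs:", changed_sectors(before, bytes(after)))
```

To check a real disk, pass in a copy of its leading sectors (up to the first partition) saved as a file before and after installing software; reading the raw device needs administrator rights.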
