Some Windows Apps Make GRUB 2 Unbootable 429
Posted
by
timothy
from the windows-is-to-boot-out-not-up dept.
from the windows-is-to-boot-out-not-up dept.
KwahAG writes "Colin Watson, one of the Ubuntu developers, published in his blog information about Windows applications making GRUB 2 unbootable. Users of dual-boot Windows/Linux installations may face the problem, which boils down to particular Windows applications (Colin does not name them, but users point at least to HP ProtectTools, PC Angel, Adobe Flexnet) blindly overwriting hard disk content between the MBR and the first partition destroying information already stored there, in this particular case — the 'core image' of GRUB 2 (GRand Unified Bootloader) making the system unbootable."
Re:Solution: (Score:3, Insightful)
A few years ago this would have been a much more fair question... now it's just troll/flamebait. I run as a limited user at both work and home, and for the most part it's installers and a couple other apps you'd expect which need admin rights.
(Even when Vista was new I kept a log of all the elevations I gave in a month or so, and with a couple exceptions (one of which has been since fixed and one of which was a stupid utility I didn't really need) they were basically on-par with what you'd need to 'sudo' to do in Linux.)
Re:Not a bug. (Score:3, Insightful)
Re:WTF is the "embedding area"?! (Score:5, Insightful)
It makes sense for a bootloader to place data and code outside of partitioned space. It makes more sense to place the code inside a partition, even if it's a one-track partition dedicated to the bootloader. If they collided with components of Windows' bootloader or FreeBSD's bootloader, or some pre-boot hard disk encryption software I'd have little sympathy for them.
On the other hand, user-level apps storing data on the hard disk outside of partitioned space is very bad mojo. They should not be doing that. Ever. Period.
Not surprised (Score:3, Insightful)
I know this will very likely never happen but it would be a good step to be taken by Microsoft.
Re:WTF is the "embedding area"?! (Score:5, Insightful)
Bingo. It is absolutely wrong to put data outside of partitioned space, and it is insane to blame something else for your own bug. Indeed, one security measure when installing a new system might be to zero out all unpartitioned space and then make sure nothing is ever written to it - Grub makes this impossible.
Grub should use an existing partition to store all the bits which don't fit inside the MBR, following the lead of EFI system partitions if necessary but supporting various common filesystems otherwise. Instead they use an atrocious hack to try to make things look neat.
Re:Solution: (Score:2, Insightful)
Rather than dual boot just run windows out of a VM if you must run windows.
Re:Solution: (Score:3, Insightful)
Yeah, because games sure do great in a VM.
Re:Solution: (Score:2, Insightful)
Yea, article is somewhat trollish, all three apps listed are server apps, and who the fuck would dual boot a server?
Re:Move along (Score:2, Insightful)
They've got a large market to sere that doesn't run our far-superior POSIX compatible kernels.
Windows (at least the current NT-based flavors) is POSIX compatible, you know.
Re:It is free for all region (Score:5, Insightful)
There is a fairly strong convention there that userspace data goes in partitions and boot loaders low-level stuff go outside of partitions. The "unused" sectors on track 0 have long been considered as reserved for boot loader. It's even in the original specs.
Yeah, viruses use that space sometimes, but by nature a virus ignores boundaries anyway, DRM, that is, software that hides itself from the user and makes the computer malfunction (by not doing the owner's bidding) is just a special case of virus.
Re:Move along (Score:5, Insightful)
Does grub have any more reason to be there these other companies?
It does if I put it there. Nothing should be automatically written into partitioned space. Partitioning defines what areas of the disk I want to be automatically written to using whatever scheme I define by setting the partition type. Anything outside that, I'm free to manage any way I please. I can put a block-oriented FORTH program there if I like, individually managing "screen" loads and saves in the FORTH code. Or whatever. The point is, they're my blocks to do with as a like, and nothing should be written there except what I explicitly write there.
Among other things, it does mean that if I choose to write GRUB data there, it should be perfectly safe there. If it isn't, that's a serious bug in whatever program overwrote the unpartitioned block(s).
Re:Solution: (Score:5, Insightful)
OK, I can see AV software requiring raw disk access. I can't see why it would need to be able write to that section of the disk if there is no virus there.
Of the 3 programs listed, none are anti-virus. HP's software is for heavy duty keycard/usb dongle access to the computer - it might be trying to secure the bootstrap - however if that's what it's doing it should be replacing grub not just writing to the disk.
PC Angel is backup/recovery software ... WTF does it need raw disk access? It's not like your computer is accidentally going to be writing files outside the partition.
Adobe's netflex is their DRM. It's obvious why they want to write their information outside the partition - to make it harder to discover & alter - but I'll tell you that if I found a program doing that - I'd yank it off of any network I was running. You want to run on my networks, you color within the lines. I'm not wasting my time hunting down why a chunk of software is writing where it's going to be hard for my AV software to check it, I'm yanking it & tossing it in the trash.
Yeah, just a great idea to toss your proprietary code chunks into random places on the hard drive that 'nobody uses anyway'. It's a file system for a reason.
Unfortunately, the only company that's going to get any flak over this is Adobe. People are going to get work stations with the HP software installed & installing the netflex software will break it. Once that happens, Adobe will get called by "big important companies" and bitched at. HP & PC angel will merrily go on their way with only a few 'fringe crackpots' having an issue with their software.
"built his house upon the sand" (Score:5, Insightful)
Unless you honestly believe that "Son of Vista" is more reliable and stable than Linux. In which case, I recommend you get help from a competent mental health professional.
Re:WTF is the "embedding area"?! (Score:5, Insightful)
It makes sense for a bootloader to place data and code outside of partitioned space. It makes more sense to place the code inside a partition, even if it's a one-track partition dedicated to the bootloader.
It would, if you could actually get more than four partitions on a hard drive with the 90+% of BIOSes which can't boot properly from a GPT drive.
My new laptop came with _THREE_ recovery partitions and a Windows partition, so I had to delete one of the recovery partitions to be able to install Linux at all... where would I get another partition for Grub to run from without deleting all the recovery data?
So the big problem is that we're still stuck with shitty MS-DOS disk formats from the 1980s.
Re:WTF is the "embedding area"?! (Score:5, Insightful)
If it's wrong to put data outside of partitioned space, what are these user spaces apps doing writing there? I can see a pretty good case for boot loaders doing this (the comment below about the 4 partition limit is one). Why is a copyright/licensing program writing there (which is what Flexnet seems to be)?
What's to prevent one of these programs from overwriting the data another makes? How would you like it if every time you ran NewSuperGameWithDRM, Photoshop lost it's license and forced you to phone home to reconfirm it?
a simple rule (Score:1, Insightful)
Your software has NO business writing to the MBR. EVER... The MBR and the installation of device drivers should be reserved for *legitimate* use, such as providing support for hardware, or multibooting another OS. This is yet another reason not to trust proprietary software. The bottom line is this: you do not know how the end-user has configured his machine. Therefore you should not fsck with unnecessary portions of the system that are not intended to be routinely modified.
Re:WTF is the "embedding area"?! (Score:3, Insightful)
There is really no good case for any program of any nature to write data into unpartitioned space. GRUB basically called dibs on the space and gave it their own flashy name (never heard of "embedding area"). Now that other programs are nulling out the space as it should not contain data, they're crying foul. GRUB should be placing the data it can't fit on the MBR into an existing partition, not mucking up unpartitioned space on the disk.
For situations like PC Angel doing this, PC Angel is designed to restore your machine back to the state it was in when you first obtained it. It makes complete sense for things like GRUB and its rogue data sitting in unpartitioned space to be overwritten when that happens
Re:Solution: (Score:5, Insightful)
Re:Solution: (Score:5, Insightful)
> Or how about I continue to dual-boot, and use my PC the way I want to?
You know the drill. Microsoft isn't going to cooperate with that. Now it seems so of their stooges will also "help".
Re:"built his house upon the sand" (Score:3, Insightful)
> Time to grow up.
Grown up people usually go for "stability" over the "shiny stuff".
The "grown up" approach is infact to leave Windows in the VM.
Re:Solution: (Score:5, Insightful)
> Yea, article is somewhat trollish, all three apps listed are server apps, and who the fuck would dual boot a server?
In a "grown up" OS, the server apps don't run as Administrator.
Re:LILO is immune to this. (Score:5, Insightful)
... which is better than adding 3 lines to /boot/menu.list or /boot/grub.conf how?
I still see to fail why GRUB2 is a big deal (right now at least).
Re:Solution: (Score:4, Insightful)
Say no to any DRM'd shit!
Re:Malicious by definition? (Score:4, Insightful)
Are you implying that GRUB, which is a bootloader, and whose code is available, is writing in the boot area in an undocumented fashion?
One would presume that a bootloader is supposed to write in the boot area. One is not likely to presume a userland app in a high level OS is writing in the boot area.
Re:meh (Score:2, Insightful)
For everything else we may be better off consigning the entire fetid swamp to a virtual machine and let it do whatever it wants to its virtual disk. I've even had to do that to get some badly behaved software to run on a Win7 box by putting WinXP on a VM.
Don't get me wrong, I like the way MS is cleaning up their act. However add a few applications and the system still turns into a fetid swamp.
Re:WTF is the "embedding area"?! (Score:3, Insightful)
There were many reasons to switch to grub. The limited namespace for bootable configurations was one: the old 1023 cylinder issue, where the entire partition containing LILO had to be within the first 1023 cylinders of the hard drive, which was why many Linuxes required a small first partition for "/boot", was another. The need to re-install the boot loader, every time you added a kernel to your boot list, was another.
I'm personally hoping for the Linuxbios project to progress and eliminate many of the legacy booting problems, including the peculiar steps necessary for grub and lilo. It's also far faster to boot, much more documented, and supports resetting BIOS settings without rebooting the system.
Re:"built his house upon the sand" (Score:5, Insightful)
That's because Linux is 100% as vulnerable to ... Linux uses security by "obscurity"...
You really have things backwards. Linux source code is GPL freely available for anyone to inspect. Windows source is proprietary and secret, which Gates testified before Congress was necessary because it was a national resource that should be kept secret for security reasons ... until Gates gave the Chinese copies of the XP source because it was their price for Microsoft to do business in China. So, it is Microsoft that practices "security by obscurity".
Actual security? The 1,000,000 + zombies that are appearing on the giant bot farms discovered every so often are compromised Windows boxes, not Linux or Mac OS X boxes. Ballmer himself put the Linux desktop market share at around 10% [osnews.com] and called Linux a greater competitive threat than Apple. With that percentage and, according to you Linux is equally as vulnerable, then why isn't 100,000 of those zombies Linux boxes?
And, if Linux is so easy to compromise then why did professional hackers spend more than 6 months last year just to capture only 700 Linux boxes [blogspot.com] using brute force password cracking when, according to you, all they had to do was spend a day or two to lure a few hundred thousand Linux users to their porn site honey pot?
Morons are those who drink Microsoft's Kool-aide and become brainless human zombies chanting MS Technical Evangelists astroturf postings as if they are fact.
Re:WTF is the "embedding area"?! (Score:3, Insightful)
Why does your bootloader partition need to concern itself with space efficiency, permissions and filename restrictions?
This was done already, a separate /boot partition.
Everybody ended up hating that idea with a passion.
Re:"built his house upon the sand" (Score:3, Insightful)
Actually, 99.5% is a little high. Try something closer to 80%.
And yes, I'm speaking from the experience of cleaning systems where windows has Zero day vulnerabilities recently discussed here where simply going to an infected website was enough not to mention programs masquerading as legitimate installed programs because the legitimate programs draws it's window frames from IE and it's almost identical when it pops up saying "infection found, do you want to delete it". and lets not mention the recent network solutions app infections recently discussed here too.
We have a few sites that all web access is audited with log trails that even reveal what is types into word processors (the owners are anal about security and yes, working there is hell too). We tracked a few infections back to the ads served on some legitimate sites where the system was infected before the user had a chance at clicking anything. Of course our AV caught the infections but not before the winsock stack got hosed and we needed to reset it with the netsh command. And I stress again, this was with no user interaction other then going to a legitimate website for official work use as our tracking software showed. And this was also only a couple of weeks ago.
Re:LILO is immune to this. (Score:4, Insightful)
I failed to see what the big benefit of GRUB was in the first place. It adds a huge amount of complexity for standard Intel boxes, minimal benefits, and when it was first jammed into distros, regressed all sorts of use cases (such as booting from broken software RAIDs).
Much like the Linux audio subsystems, it's a tail of throwing out something that works for 90% of users, replacing it with something of dubious virtue, and then declaring the remaining problems too hard to solve and moving on to the Next Big Thing (GRUB 2 in this case), while giving you a pile of new and insane problems to deal with.
Wow, it's Rip Van Winckle! (Score:1, Insightful)
Wow, it's Rip Van Winckle!
"Probably not until xorg and the linux kernel get decent 3d support for ati or nvidia. (decent meaning at least as fast the closed source drivers for a large subset of openGL and fully implements all the 3d functions of the closed source drivers.)"
The nVidia linux driver IS their closed source driver, FWIT.
And AMD have released a full 3D open source GPL compliant driver for their recent cards.
Please, go back and read some news sites from 5 years ago, they'll fill you in on what you missed while asleep.
Re:It is free for all region (Score:3, Insightful)
``The problem is nobody owns it. This is what got GRUB developers in trouble. It is just there as an artifact of aligning first partition to full cylinder. Which is not requirement either, fdisk just did it so then everyone else followed.
Since nobody owns it and it is not specified anywhere it has become free for all to mess with it. And hilarity ensued.''
Right.
Unlike many other posters of this thread, however, I think there is something to be said for using the entire space before the first partition (can be one sector, can be multiple cylinders) for the boot loader. There is simply only so much code you can put in the MBR, and although you can implement support for FAT (at least FAT12 and FAT16) there, I wouldn't expect the same to be true for other filesystems. Support for such filesystems needs to go somewhere, so why not in a "boot area"?
Of course, if you want to expect something to work, it needs to be specified, so there would need to be a standard for it. Perhaps the MBR could be extended with a description of the boot area (and, probably, a magic number to indicate the presence of this information), or perhaps the description and magic numbers could be put in the newly defined boot area itself.
The way GRUB has done this has always been a hack and has not always worked. Having said that, GRUB is the most featureful, convenient, and _reliable_ boot loader I have ever used, so I think they've done a good job. Bootstrapping a PC is hacky business, anyway.
Re:Solution: (Score:3, Insightful)
This looks like an intentional, if misguided feature of these programs. It's not like they run as Administrator by default and mess up your stuff without any input from you.
It sounds like they just want to get rid of any code that they don't recognize as being part of the MBR. Not unreasonable if you're just running a pure Windows system, I suppose. The misguided part is assuming that anything there must be a boot-sector infector and not asking if the user is in a multiboot configuration (or better yet, checking first for legitimate alternate boot loaders.) I can't believe the developers didn't realize that something like Grub exists, but I imagine the higher-ups figured it wasn't worth the development time to do anything more sophisticated.
This is the reason why I generally multiboot from different physical drives (usually removable: you don't have to worry about anything being overwritten if you simply swap the boot drive.) It's not like hard disks are particularly expensive anymore, and if all you need is enough space to boot the OS it's not a big deal.
Re:WTF is the "embedding area"?! (Score:3, Insightful)
Which sucks for the warranty tech (sub contractor) who was not provided any diagnostic disks because the manufacturer expects the utility partition to still be there.
And that is just patently ridiculous. I simply cannot believe that users have accepted manufacturers saving a few pennies by not shipping a CD or DVD of the operating system.
That contractor either a. has a copy of the requisite media, or can get it or b. can't replace a defective hard drive. Lose the drive, lose the recovery data.
Re:Solution: (Score:2, Insightful)
Fine. I have a $800 desktop of which I use the full functionality in both Windows and Linux. Please send me a check for $800 + the cost of a KVM switch (the KVM must include the switching of three monitors, multiple USB devices, and sound) and I'll adopt your solution.
Re:LILO is immune to this. (Score:3, Insightful)
Just remember if you're trying to add any new OS to it that /etc/grub.d/40_custom is your friend. Add your OS to it, then update-grub, and it will be on the menu the next boot.
I couldn't find /etc/grub.d nor update-grub in grub's documentation. You sure this isn't some distribution specific bit?
From the grub doc (Node: Configuration):
GRUB is configured using `grub.cfg', usually located under `/boot/grub'.
(Node: Simple Configuration)
The program `grub-mkconfig' (*note Invoking grub-mkconfig::) generates `grub.cfg' files suitable for most cases.
(Node: Changes From Grub Legacy)
The configuration file is now written in something closer to a full scripting language: variables, conditionals, and loops are available.
So how does this make configuring grub easier?
Re:Solution: (Score:1, Insightful)
GIMP won't be a photoshop competitor until 2.8 is released *AND* they change the name to something people can take seriously. Personally I think Canonical should rebrand GIMP in ubuntu repos as something sane and keep their own brand until the developers can think of something that doesn't completely suck. The day they do, I'll call it by the name Canonical gives it until a proper solution for this problem is implemented.