[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y342oUJu9CFHNmlW@kroah.com>
Date: Wed, 23 Nov 2022 16:05:05 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Johannes Berg <johannes@...solutions.net>
Cc: linux-kernel@...r.kernel.org,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Kalle Valo <kvalo@...nel.org>,
Oleksij Rempel <linux@...pel-privat.de>,
Maciej Żenczykowski <maze@...gle.com>,
Neil Armstrong <neil.armstrong@...aro.org>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Andrzej Pietrasiewicz <andrzejtp2010@...il.com>,
Jacopo Mondi <jacopo@...ndi.org>,
Łukasz Stelmach <l.stelmach@...sung.com>,
Laurent Pinchart <laurent.pinchart@...asonboard.com>,
linux-usb@...r.kernel.org, netdev@...r.kernel.org,
linux-wireless@...r.kernel.org,
Ilja Van Sprundel <ivansprundel@...ctive.com>,
Joseph Tartaro <joseph.tartaro@...ctive.com>
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
On Wed, Nov 23, 2022 at 03:20:36PM +0100, Johannes Berg wrote:
> On Wed, 2022-11-23 at 13:46 +0100, Greg Kroah-Hartman wrote:
> > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> > any system that uses it with untrusted hosts or devices. Because the
> > protocol is impossible to make secure, just disable all rndis drivers to
> > prevent anyone from using them again.
> >
>
> Not that I mind disabling these, but is there any more detail available
> on this pretty broad claim? :)
I don't want to get into specifics in public any more than the above.
The protocol was never designed to be used with untrusted devices. It
was created, and we implemented support for it, when we trusted USB
devices that we plugged into our systems, AND we trusted the systems we
plugged our USB devices into. So at the time, it kind of made sense to
create this, and the USB protocol class support that replaced it had not
yet been released.
As designed, it really can not work at all if you do not trust either
the host or the device, due to the way the protocol works. And I can't
see how it could be fixed if you wish to remain compliant with the
protocol (i.e. still work with Windows XP systems.)
Today, with untrusted hosts and devices, it's time to just retire this
protcol. As I mentioned in the patch comments, Android disabled this
many years ago in their devices, with no loss of functionality.
thanks,
greg k-h
Powered by blists - more mailing lists