| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ilrl1jif.fsf@miraculix.mork.no>
Date: Thu, 07 Apr 2022 08:43:04 +0200
From: Bjørn Mork <bjorn@...k.no>
To: Lech Perczak <lech.perczak@...il.com>
Cc: netdev@...r.kernel.org, linux-usb@...r.kernel.org,
Kristian Evensen <kristian.evensen@...il.com>,
Oliver Neukum <oliver@...kum.org>
Subject: Re: [PATCH 3/3] rndis_host: limit scope of bogus MAC address
detection to ZTE devices
Lech Perczak <lech.perczak@...il.com> writes:
> Reporting of bogus MAC addresses and ignoring configuration of new
> destination address wasn't observed outside of a range of ZTE devices,
> among which this seems to be the common bug. Align rndis_host driver
> with implementation found in cdc_ether, which also limits this workaround
> to ZTE devices.
Reviewed-by: Bjørn Mork <bjorn@...k.no>
Yes, this is a much better solution.
We have no business rejecting the address chosen by the device, even if
it is "locally administered". The device has every right to use a local
address on a link with no other devices, which is the case for every
cellular modem for example.
And even if we believe the device is wrong there isn't much we can do
about that.
Rejecting the device address, with no way to inform the device about a
new address, implies that host and device disagrees about it. This does
not fix anything. It just makes the host to silentlig drop all packets,
leaving the user with a non-working device.
I take full responibility for coming up with the idea of over-
simplifying the original workaround proposed by Kristian. It wasn't very
well thought over.
Thanks to Lech for fixing this!
Bjørn
Powered by blists - more mailing lists