lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Nov 2022 16:55:53 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Nicolas Cavallari <nicolas.cavallari@...en-communications.fr>
Cc:     linux-kernel@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, Kalle Valo <kvalo@...nel.org>,
        Oleksij Rempel <linux@...pel-privat.de>,
        Maciej Żenczykowski <maze@...gle.com>,
        Neil Armstrong <neil.armstrong@...aro.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Andrzej Pietrasiewicz <andrzejtp2010@...il.com>,
        Jacopo Mondi <jacopo@...ndi.org>,
        Łukasz Stelmach <l.stelmach@...sung.com>,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        linux-usb@...r.kernel.org, netdev@...r.kernel.org,
        linux-wireless@...r.kernel.org,
        Ilja Van Sprundel <ivansprundel@...ctive.com>,
        Joseph Tartaro <joseph.tartaro@...ctive.com>
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers

On Wed, Nov 23, 2022 at 04:40:33PM +0100, Nicolas Cavallari wrote:
> On 23/11/2022 13:46, Greg Kroah-Hartman wrote:
> > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> > any system that uses it with untrusted hosts or devices.  Because the
> > protocol is impossible to make secure, just disable all rndis drivers to
> > prevent anyone from using them again.
> > 
> > Windows only needed this for XP and newer systems, Windows systems older
> > than that can use the normal USB class protocols instead, which do not
> > have these problems.
> > 
> > Android has had this disabled for many years so there should not be any
> > real systems that still need this.
> 
> I kind of disagree here. I have seen plenty of android devices that only
> support rndis for connection sharing, including my android 11 phone released
> in Q3 2020. I suspect the qualcomm's BSP still enable it by default.

Qualcomm should not have it enabled, and if they do, they are adding
code that Google says should not be enabled, and so Qualcom is
responsible for supporting that mess.  Good luck to them.

> There are also probably cellular dongles that uses rndis by default. Maybe
> ask the ModemManager people ?

That would be very very sad if it were the case, as they are totally
unsafe.

> I'm also curious if reimplementing it in userspace would solve the security
> problem.

The kernel would be happier, as all of the buffer overflows that are
possible would only be happening in userspace.  But I doubt any library
or userspace code that interacts with the protocol would really enjoy
it.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ