[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d397e09df8bfd1286ed3e652fbba37ec7fe02f32.camel@sipsolutions.net>
Date: Wed, 23 Nov 2022 17:27:30 +0100
From: Johannes Berg <johannes@...solutions.net>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Kalle Valo <kvalo@...nel.org>,
Oleksij Rempel <linux@...pel-privat.de>,
Maciej Żenczykowski <maze@...gle.com>,
Neil Armstrong <neil.armstrong@...aro.org>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Andrzej Pietrasiewicz <andrzejtp2010@...il.com>,
Jacopo Mondi <jacopo@...ndi.org>,
Łukasz Stelmach <l.stelmach@...sung.com>,
Laurent Pinchart <laurent.pinchart@...asonboard.com>,
linux-usb@...r.kernel.org, netdev@...r.kernel.org,
linux-wireless@...r.kernel.org,
Ilja Van Sprundel <ivansprundel@...ctive.com>,
Joseph Tartaro <joseph.tartaro@...ctive.com>
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
On Wed, 2022-11-23 at 16:05 +0100, Greg Kroah-Hartman wrote:
> On Wed, Nov 23, 2022 at 03:20:36PM +0100, Johannes Berg wrote:
> > On Wed, 2022-11-23 at 13:46 +0100, Greg Kroah-Hartman wrote:
> > > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> > > any system that uses it with untrusted hosts or devices. Because the
> > > protocol is impossible to make secure, just disable all rndis drivers to
> > > prevent anyone from using them again.
> > >
> >
> > Not that I mind disabling these, but is there any more detail available
> > on this pretty broad claim? :)
>
> I don't want to get into specifics in public any more than the above.
Fair.
> The protocol was never designed to be used with untrusted devices. It
> was created, and we implemented support for it, when we trusted USB
> devices that we plugged into our systems, AND we trusted the systems we
> plugged our USB devices into. So at the time, it kind of made sense to
> create this, and the USB protocol class support that replaced it had not
> yet been released.
>
> As designed, it really can not work at all if you do not trust either
> the host or the device, due to the way the protocol works. And I can't
> see how it could be fixed if you wish to remain compliant with the
> protocol (i.e. still work with Windows XP systems.)
I guess I just don't see how a USB-based protocol can be fundamentally
insecure (to the host), when the host is always in control over messages
and parses their content etc.?
I can see this with e.g. firewire which must allow DMA access, and now
with Thunderbolt we have the same and ended up with boltd, but USB?
> Today, with untrusted hosts and devices, it's time to just retire this
> protcol. As I mentioned in the patch comments, Android disabled this
> many years ago in their devices, with no loss of functionality.
I'm not sure Android counts that much, FWIW, at least for WiFi there
really is no good reason to plug in a USB WiFi dongle into an Android
phone, and quick googling shows that e.g. Android TV may - depending on
build - support/permit RNDIS Ethernet?
Anyway, there was probably exactly one RNDIS WiFi dongle from Broadcom
(for some kind of console IIRC), so it's not a huge loss. Just having
issues with the blanket statement that a USB protocol can be designed as
inscure :)
johannes
Powered by blists - more mailing lists