On Wed, 2022-11-23 at 16:40 +0100, Nicolas Cavallari wrote: > On 23/11/2022 13:46, Greg Kroah-Hartman wrote: > > The Microsoft RNDIS protocol is, as designed, insecure and > > vulnerable on > > any system that uses it with untrusted hosts or devices. Because > > the > > protocol is impossible to make secure, just disable all rndis > > drivers to > > prevent anyone from using them again. > > > > Windows only needed this for XP and newer systems, Windows systems > > older > > than that can use the normal USB class protocols instead, which do > > not > > have these problems. > > > > Android has had this disabled for many years so there should not be > > any > > real systems that still need this. > > I kind of disagree here. I have seen plenty of android devices that > only > support rndis for connection sharing, including my android 11 phone > released in Q3 2020. I suspect the qualcomm's BSP still enable it by > default. > > There are also probably cellular dongles that uses rndis by default. > Maybe ask the ModemManager people ? Yes, there are. Another class of WWAN dongles presented as USB RNDIS to the host, had an onboard DHCP server, and "bridged" that (for lack of a better term) to the WWAN. And like a home router exposed HTTP based management on 192.168.1.1 to control the WWAN stuff. https://openwrt.org/docs/guide-user/network/wan/wwan/ethernetoverusb_rndis RE Wifi, (echoing Johannes) there was one Broadcom chipset, but a bunch of devices used it. I have some though I don't actively use them. But they still work... Dan > > I'm also curious if reimplementing it in userspace would solve the > security problem. >
