On Wed, Nov 23, 2022 at 03:20:36PM +0100, Johannes Berg wrote: > On Wed, 2022-11-23 at 13:46 +0100, Greg Kroah-Hartman wrote: > > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on > > any system that uses it with untrusted hosts or devices. Because the > > protocol is impossible to make secure, just disable all rndis drivers to > > prevent anyone from using them again. > > > > Not that I mind disabling these, but is there any more detail available > on this pretty broad claim? :) I don't want to get into specifics in public any more than the above. The protocol was never designed to be used with untrusted devices. It was created, and we implemented support for it, when we trusted USB devices that we plugged into our systems, AND we trusted the systems we plugged our USB devices into. So at the time, it kind of made sense to create this, and the USB protocol class support that replaced it had not yet been released. As designed, it really can not work at all if you do not trust either the host or the device, due to the way the protocol works. And I can't see how it could be fixed if you wish to remain compliant with the protocol (i.e. still work with Windows XP systems.) Today, with untrusted hosts and devices, it's time to just retire this protcol. As I mentioned in the patch comments, Android disabled this many years ago in their devices, with no loss of functionality. thanks, greg k-h
