On Tue, Jan 10, 2023 at 3:32 PM Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
>
> On Wed, 2022-11-23 at 16:05 +0100, Greg Kroah-Hartman wrote:
> > On Wed, Nov 23, 2022 at 03:20:36PM +0100, Johannes Berg wrote:
> > > On Wed, 2022-11-23 at 13:46 +0100, Greg Kroah-Hartman wrote:
> > > > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> > > > any system that uses it with untrusted hosts or devices. Because the
> > > > protocol is impossible to make secure, just disable all rndis drivers to
> > > > prevent anyone from using them again.
> > > >
> > >
> > > Not that I mind disabling these, but is there any more detail available
> > > on this pretty broad claim? :)
> >
> > I don't want to get into specifics in public any more than the above.

Fair. I would guess it's related to?:
https://github.com/torvalds/linux/commit/c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2

> > The protocol was never designed to be used with untrusted devices. It
> > was created, and we implemented support for it, when we trusted USB
> > devices that we plugged into our systems, AND we trusted the systems we
> > plugged our USB devices into. So at the time, it kind of made sense to
> > create this, and the USB protocol class support that replaced it had not
> > yet been released.
> >
> > As designed, it really can not work at all if you do not trust either
> > the host or the device, due to the way the protocol works. And I can't
> > see how it could be fixed if you wish to remain compliant with the
> > protocol (i.e. still work with Windows XP systems.)

Can it be fixed in a way that most RNDIS-based modem devices, like RNDIS-based
Android tethering, still work with Linux-based hosts?

> I guess I just don't see how a USB-based protocol can be fundamentally
> insecure (to the host), when the host is always in control over messages
> and parses their content etc.?
>
> I can see this with e.g. firewire which must allow DMA access, and now
> with Thunderbolt we have the same and ended up with boltd, but USB?
>
> > Today, with untrusted hosts and devices, it's time to just retire this
> > protocol. As I mentioned in the patch comments, Android disabled this
> > many years ago in their devices, with no loss of functionality.
>
> I'm not sure Android counts that much, FWIW, at least for WiFi there
> really is no good reason to plug in a USB WiFi dongle into an Android
> phone, and quick googling shows that e.g. Android TV may - depending on
> build - support/permit RNDIS Ethernet?
>
> Anyway, there was probably exactly one RNDIS WiFi dongle from Broadcom
> (for some kind of console IIRC), so it's not a huge loss. Just having
> issues with the blanket statement that a USB protocol can be designed as
> insecure :)
>
> johannes
>