From: Johannes Berg <johannes@sipsolutions.net>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-kernel@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Kalle Valo" <kvalo@kernel.org>,
"Oleksij Rempel" <linux@rempel-privat.de>,
"Maciej Żenczykowski" <maze@google.com>,
"Neil Armstrong" <neil.armstrong@linaro.org>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Andrzej Pietrasiewicz" <andrzejtp2010@gmail.com>,
"Jacopo Mondi" <jacopo@jmondi.org>,
"Łukasz Stelmach" <l.stelmach@samsung.com>,
"Laurent Pinchart" <laurent.pinchart@ideasonboard.com>,
linux-usb@vger.kernel.org, netdev@vger.kernel.org,
linux-wireless@vger.kernel.org,
"Ilja Van Sprundel" <ivansprundel@ioactive.com>,
"Joseph Tartaro" <joseph.tartaro@ioactive.com>
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
Date: Wed, 23 Nov 2022 17:27:30 +0100 [thread overview]
Message-ID: <d397e09df8bfd1286ed3e652fbba37ec7fe02f32.camel@sipsolutions.net> (raw)
In-Reply-To: <Y342oUJu9CFHNmlW@kroah.com>
On Wed, 2022-11-23 at 16:05 +0100, Greg Kroah-Hartman wrote:
> On Wed, Nov 23, 2022 at 03:20:36PM +0100, Johannes Berg wrote:
> > On Wed, 2022-11-23 at 13:46 +0100, Greg Kroah-Hartman wrote:
> > > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> > > any system that uses it with untrusted hosts or devices. Because the
> > > protocol is impossible to make secure, just disable all rndis drivers to
> > > prevent anyone from using them again.
> > >
> >
> > Not that I mind disabling these, but is there any more detail available
> > on this pretty broad claim? :)
>
> I don't want to get into specifics in public any more than the above.
Fair.
> The protocol was never designed to be used with untrusted devices. It
> was created, and we implemented support for it, when we trusted USB
> devices that we plugged into our systems, AND we trusted the systems we
> plugged our USB devices into. So at the time, it kind of made sense to
> create this, and the USB protocol class support that replaced it had not
> yet been released.
>
> As designed, it really can not work at all if you do not trust either
> the host or the device, due to the way the protocol works. And I can't
> see how it could be fixed if you wish to remain compliant with the
> protocol (i.e. still work with Windows XP systems.)
I guess I just don't see how a USB-based protocol can be fundamentally
insecure (to the host), when the host is always in control over messages
and parses their content etc.?
I can see this with e.g. firewire which must allow DMA access, and now
with Thunderbolt we have the same and ended up with boltd, but USB?
> Today, with untrusted hosts and devices, it's time to just retire this
> protcol. As I mentioned in the patch comments, Android disabled this
> many years ago in their devices, with no loss of functionality.
I'm not sure Android counts that much, FWIW, at least for WiFi there
really is no good reason to plug in a USB WiFi dongle into an Android
phone, and quick googling shows that e.g. Android TV may - depending on
build - support/permit RNDIS Ethernet?
Anyway, there was probably exactly one RNDIS WiFi dongle from Broadcom
(for some kind of console IIRC), so it's not a huge loss. Just having
issues with the blanket statement that a USB protocol can be designed as
inscure :)
johannes
next prev parent reply other threads:[~2022-11-23 16:28 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-23 12:46 [PATCH] USB: disable all RNDIS protocol drivers Greg Kroah-Hartman
2022-11-23 14:20 ` Johannes Berg
2022-11-23 15:05 ` Greg Kroah-Hartman
2022-11-23 16:27 ` Johannes Berg [this message]
2023-01-10 22:47 ` James Hilliard
2022-11-23 15:21 ` Kalle Valo
2022-11-23 18:29 ` Jakub Kicinski
2022-11-23 20:27 ` Maciej Żenczykowski
2023-01-11 13:38 ` Jan Engelhardt
2023-01-11 14:56 ` Greg Kroah-Hartman
2023-07-03 21:11 ` Enrico Mioso
2023-07-04 6:47 ` Greg Kroah-Hartman
2023-07-12 9:22 ` Oliver Neukum
2023-07-12 13:00 ` Johannes Berg
2023-07-12 16:39 ` Greg Kroah-Hartman
2023-07-13 0:28 ` Johannes Berg
2023-07-13 5:34 ` Greg Kroah-Hartman
2023-07-13 8:33 ` Oliver Neukum
2023-07-13 9:49 ` Maciej Żenczykowski
2023-07-13 12:21 ` Johannes Berg
2023-07-13 5:21 ` Mauro Carvalho Chehab
-- strict thread matches above, loose matches on Subject: below --
2022-11-23 15:40 Nicolas Cavallari
2022-11-23 15:55 ` Greg Kroah-Hartman
2022-11-24 0:58 ` Lars Melin
2022-11-29 22:48 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d397e09df8bfd1286ed3e652fbba37ec7fe02f32.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=andrzejtp2010@gmail.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=ivansprundel@ioactive.com \
--cc=jacopo@jmondi.org \
--cc=joseph.tartaro@ioactive.com \
--cc=kuba@kernel.org \
--cc=kvalo@kernel.org \
--cc=l.stelmach@samsung.com \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linux@rempel-privat.de \
--cc=maze@google.com \
--cc=mchehab@kernel.org \
--cc=neil.armstrong@linaro.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).