Date: Wed, 23 Nov 2022 16:05:05 +0100
From: Greg Kroah-Hartman
To: Johannes Berg
Cc: linux-kernel@vger.kernel.org, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Kalle Valo, Oleksij Rempel, Maciej Żenczykowski, Neil Armstrong, Mauro Carvalho Chehab, Andrzej Pietrasiewicz, Jacopo Mondi, Łukasz Stelmach, Laurent Pinchart, linux-usb@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, Ilja Van Sprundel, Joseph Tartaro
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
References: <20221123124620.1387499-1-gregkh@linuxfoundation.org> <9b78783297db1ebb1a7cd922be7eef0bf33b75b9.camel@sipsolutions.net>
In-Reply-To: <9b78783297db1ebb1a7cd922be7eef0bf33b75b9.camel@sipsolutions.net>
X-Mailing-List: linux-wireless@vger.kernel.org

On Wed, Nov 23, 2022 at 03:20:36PM +0100, Johannes Berg wrote:
> On Wed, 2022-11-23 at 13:46 +0100, Greg Kroah-Hartman wrote:
> > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> > any system that uses it with untrusted hosts or devices. Because the
> > protocol is impossible to make secure, just disable all rndis drivers to
> > prevent anyone from using them again.
> >
>
> Not that I mind disabling these, but is there any more detail available
> on this pretty broad claim? :)

I don't want to get into specifics in public any more than the above.
The protocol was never designed to be used with untrusted devices.
It was created, and we implemented support for it, when we trusted USB
devices that we plugged into our systems, AND we trusted the systems we
plugged our USB devices into. So at the time, it kind of made sense to
create this, and the USB protocol class support that replaced it had not
yet been released.

As designed, it really can not work at all if you do not trust either
the host or the device, due to the way the protocol works. And I can't
see how it could be fixed if you wish to remain compliant with the
protocol (i.e. still work with Windows XP systems.)

Today, with untrusted hosts and devices, it's time to just retire this
protocol.

As I mentioned in the patch comments, Android disabled this many years
ago in their devices, with no loss of functionality.

thanks,

greg k-h
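The patch under discussion retires the RNDIS drivers in the kernel tree; a host that still runs an older kernel can get the same effect by making sure none of those drivers can load. The script below is an added example, not code from this thread or from the kernel patch: it scans lsmod-style output and a kernel .config for the RNDIS drivers and prints a modprobe.d fragment that keeps them from loading. The module names (rndis_host, rndis_wlan, usb_f_rndis) and Kconfig symbols it looks for are assumptions taken from the in-tree driver names, not from the page; the lsmod and .config samples are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread or from the kernel patch under
# discussion. It audits a Linux host for the in-tree RNDIS drivers and
# emits a modprobe.d fragment that keeps them from loading.
#
# Assumptions (not stated on the page): the module names are the RNDIS
# USB-host driver (rndis_host), the RNDIS Wi-Fi driver (rndis_wlan) and
# the RNDIS gadget function (usb_f_rndis); the Kconfig symbols are those
# drivers' options. Adjust both lists for other kernels or out-of-tree drivers.

RNDIS_MODULES="rndis_host rndis_wlan usb_f_rndis"
RNDIS_KCONFIG="CONFIG_USB_NET_RNDIS_HOST CONFIG_USB_NET_RNDIS_WLAN CONFIG_USB_CONFIGFS_RNDIS CONFIG_USB_F_RNDIS"

# rndis_loaded_modules: read lsmod-style text on stdin and print the RNDIS
# modules that are loaded, one per line.
# Live use:  lsmod | rndis_loaded_modules
rndis_loaded_modules() {
    awk -v mods="$RNDIS_MODULES" '
        BEGIN { n = split(mods, want, " "); for (i = 1; i <= n; i++) w[want[i]] = 1 }
        NR > 1 && ($1 in w) { print $1 }'
}

# rndis_enabled_kconfig: read a kernel .config on stdin and print the RNDIS
# options that are built in (=y) or modular (=m).
# Live use:  zcat /proc/config.gz | rndis_enabled_kconfig
rndis_enabled_kconfig() {
    awk -v syms="$RNDIS_KCONFIG" '
        BEGIN { n = split(syms, want, " "); for (i = 1; i <= n; i++) w[want[i]] = 1 }
        /^CONFIG_[A-Z0-9_]+=[ym]$/ { split($0, kv, "="); if (kv[1] in w) print $0 }'
}

# rndis_blacklist_conf: print a modprobe.d fragment. "blacklist" only stops
# alias-based autoloading when a matching USB device is plugged in;
# "install ... /bin/false" also makes an explicit modprobe, or a pull-in as a
# dependency of another module, fail.
rndis_blacklist_conf() {
    for m in $RNDIS_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

# Constructed sample inputs so the script runs offline; they are not
# captured from a real machine.
SAMPLE_LSMOD='Module                  Size  Used by
rndis_host             20480  0
cdc_ether              24576  1 rndis_host
usbnet                 57344  2 rndis_host,cdc_ether'

SAMPLE_CONFIG='CONFIG_USB_NET_CDCETHER=m
CONFIG_USB_NET_RNDIS_HOST=m
# CONFIG_USB_NET_RNDIS_WLAN is not set
CONFIG_USB_CONFIGFS_RNDIS=y
CONFIG_USB_F_RNDIS=m'

# rndis_audit_sample: run both scans on the constructed samples, print a
# report, and return non-zero if anything RNDIS-related is loaded or enabled.
rndis_audit_sample() {
    loaded=$(printf '%s\n' "$SAMPLE_LSMOD" | rndis_loaded_modules)
    enabled=$(printf '%s\n' "$SAMPLE_CONFIG" | rndis_enabled_kconfig)
    printf 'loaded RNDIS modules:\n%s\nRNDIS options enabled in kernel config:\n%s\n' \
        "${loaded:-(none)}" "${enabled:-(none)}"
    [ -z "$loaded" ] && [ -z "$enabled" ]
}

rndis_audit_sample || printf 'suggested /etc/modprobe.d/rndis.conf:\n%s\n' "$(rndis_blacklist_conf)"
```

Writing the fragment to /etc/modprobe.d only affects future loads: a module that is already loaded has to be removed with modprobe -r (and any initramfs that carries it rebuilt), and a kernel with the options built in (=y) cannot be fixed by modprobe configuration at all; it needs a kernel with those options off, which is what the patch does for the upstream tree.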