From: Nicolas Cavallari
Date: Wed, 23 Nov 2022 16:40:33 +0100
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
To: Greg Kroah-Hartman, linux-kernel@vger.kernel.org
Cc: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Kalle Valo, Oleksij Rempel, Maciej Żenczykowski, Neil Armstrong, Mauro Carvalho Chehab, Andrzej Pietrasiewicz, Jacopo Mondi, Łukasz Stelmach, Laurent Pinchart, linux-usb@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, Ilja Van Sprundel, Joseph Tartaro

On 23/11/2022 13:46, Greg Kroah-Hartman wrote:
> The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> any system that uses it with untrusted hosts or devices. Because the
> protocol is impossible to make secure, just disable all rndis drivers to
> prevent anyone from using them again.
>
> Windows only needed this for XP and newer systems, Windows systems older
> than that can use the normal USB class protocols instead, which do not
> have these problems.
>
> Android has had this disabled for many years so there should not be any
> real systems that still need this.

I kind of disagree here. I have seen plenty of Android devices that only
support RNDIS for connection sharing, including my Android 11 phone
released in Q3 2020. I suspect Qualcomm's BSP still enables it by default.

There are also probably cellular dongles that use RNDIS by default. Maybe
ask the ModemManager people?

I'm also curious if reimplementing it in userspace would solve the
security problem.