Date: Wed, 23 Nov 2022 16:55:53 +0100
From: Greg Kroah-Hartman
To: Nicolas Cavallari
Cc: linux-kernel@vger.kernel.org, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Kalle Valo, Oleksij Rempel, Maciej Żenczykowski, Neil Armstrong, Mauro Carvalho Chehab, Andrzej Pietrasiewicz, Jacopo Mondi, Łukasz Stelmach, Laurent Pinchart, linux-usb@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, Ilja Van Sprundel, Joseph Tartaro
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
In-Reply-To: <04ea37cc-d97a-3e00-8a99-135ab38860f2@green-communications.fr>
X-Mailing-List: linux-wireless@vger.kernel.org

On Wed, Nov 23, 2022 at 04:40:33PM +0100, Nicolas Cavallari wrote:
> On 23/11/2022 13:46, Greg Kroah-Hartman wrote:
> > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> > any system that uses it with untrusted hosts or devices. Because the
> > protocol is impossible to make secure, just disable all rndis drivers to
> > prevent anyone from using them again.
> >
> > Windows only needed this for XP and newer systems, Windows systems older
> > than that can use the normal USB class protocols instead, which do not
> > have these problems.
> >
> > Android has had this disabled for many years so there should not be any
> > real systems that still need this.
>
> I kind of disagree here. I have seen plenty of Android devices that only
> support rndis for connection sharing, including my Android 11 phone released
> in Q3 2020. I suspect Qualcomm's BSP still enables it by default.

Qualcomm should not have it enabled, and if they do, they are adding code
that Google says should not be enabled, and so Qualcomm is responsible for
supporting that mess. Good luck to them.

> There are also probably cellular dongles that use rndis by default. Maybe
> ask the ModemManager people?

That would be very very sad if it were the case, as they are totally
unsafe.

> I'm also curious if reimplementing it in userspace would solve the security
> problem.

The kernel would be happier, as all of the buffer overflows that are
possible would only be happening in userspace. But I doubt any library
or userspace code that interacts with the protocol would really enjoy
it.

thanks,

greg k-h