Date: Wed, 11 Jan 2023 15:56:52 +0100
From: Greg Kroah-Hartman
To: Jan Engelhardt
Cc: linux-kernel@vger.kernel.org, "David S. Miller", Eric Dumazet,
    Jakub Kicinski, Paolo Abeni, Kalle Valo, Oleksij Rempel,
    Maciej Żenczykowski, Neil Armstrong, Mauro Carvalho Chehab,
    Andrzej Pietrasiewicz, Jacopo Mondi, Łukasz Stelmach,
    Laurent Pinchart, linux-usb@vger.kernel.org, netdev@vger.kernel.org,
    linux-wireless@vger.kernel.org, Ilja Van Sprundel, Joseph Tartaro
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
References: <20221123124620.1387499-1-gregkh@linuxfoundation.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Wed, Jan 11, 2023 at 02:38:04PM +0100, Jan Engelhardt wrote:
>
> On Wednesday 2022-11-23 13:46, Greg Kroah-Hartman wrote:
> >
> >The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> >any system that uses it with untrusted hosts or devices. Because the
> >protocol is impossible to make secure, just disable all rndis drivers to
> >prevent anyone from using them again.
> >
> >Windows only needed this for XP and newer systems, Windows systems older
> >than that can use the normal USB class protocols instead, which do not
> >have these problems.
> >
> In other news, someone just proposed adding "RNDIS" things to UEFI, so
> now the security problem is added right back into machines but at
> another layer?!
>
> https://edk2.groups.io/g/devel/topic/patch_1_3/95531719

I guess systems that use this will always have to trust that the device
plugged into them is "trusted". Seems like an easy way to get access to
a "locked down" system if you ever need it :)

{sigh}

greg k-h