Date: Wed, 11 Jan 2023 15:56:52 +0100
From: Greg Kroah-Hartman
To: Jan Engelhardt
Cc: linux-kernel@vger.kernel.org, "David S. Miller", Eric Dumazet,
    Jakub Kicinski, Paolo Abeni, Kalle Valo, Oleksij Rempel,
    Maciej Żenczykowski, Neil Armstrong, Mauro Carvalho Chehab,
    Andrzej Pietrasiewicz, Jacopo Mondi, Łukasz Stelmach,
    Laurent Pinchart, linux-usb@vger.kernel.org, netdev@vger.kernel.org,
    linux-wireless@vger.kernel.org, Ilja Van Sprundel, Joseph Tartaro
Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers
References: <20221123124620.1387499-1-gregkh@linuxfoundation.org>

On Wed, Jan 11, 2023 at 02:38:04PM +0100, Jan Engelhardt wrote:
>
> On Wednesday 2022-11-23 13:46, Greg Kroah-Hartman wrote:
> >
> >The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> >any system that uses it with untrusted hosts or devices. Because the
> >protocol is impossible to make secure, just disable all rndis drivers to
> >prevent anyone from using them again.
> >
> >Windows only needed this for XP and newer systems, Windows systems older
> >than that can use the normal USB class protocols instead, which do not
> >have these problems.
>
>
> In other news, someone just proposed adding "RNDIS" things to UEFI, so
> now the security problem is added right back into machines but at
> another layer?!
>
> https://edk2.groups.io/g/devel/topic/patch_1_3/95531719

I guess systems that use this will always have to trust that the device
plugged into them is "trusted". Seems like an easy way to get access to
a "locked down" system if you ever need it :)

{sigh}

greg k-h