Re: [PATCH] USB: disable all RNDIS protocol drivers

From: Greg Kroah-Hartman
Date: Wed Jan 11 2023 - 09:57:25 EST

Next message: Rob Herring: "Re: [PATCH] dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY"
Previous message: Michael S. Tsirkin: "Re: [PATCH 1/5] virtio_ring: per virtqueue dma device"
In reply to: Jan Engelhardt: "Re: [PATCH] USB: disable all RNDIS protocol drivers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 11, 2023 at 02:38:04PM +0100, Jan Engelhardt wrote:
>
> On Wednesday 2022-11-23 13:46, Greg Kroah-Hartman wrote:
> >
> >The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> >any system that uses it with untrusted hosts or devices. Because the
> >protocol is impossible to make secure, just disable all rndis drivers to
> >prevent anyone from using them again.
> >
> >Windows only needed this for XP and newer systems, Windows systems older
> >than that can use the normal USB class protocols instead, which do not
> >have these problems.
>
>
> In other news, someone just proposed adding "RNDIS" things to UEFI, so
> now the security problem is added right back into machines but at
> another layer?!
>
> https://edk2.groups.io/g/devel/topic/patch_1_3/95531719

I guess systems that use this will always have to trust that the device
plugged into them is "trusted". Seems like an easy way to get access to
a "locked down" system if you ever need it :)

{sigh}

greg k-h

Next message: Rob Herring: "Re: [PATCH] dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY"
Previous message: Michael S. Tsirkin: "Re: [PATCH 1/5] virtio_ring: per virtqueue dma device"
In reply to: Jan Engelhardt: "Re: [PATCH] USB: disable all RNDIS protocol drivers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]