Linux To Try Again To Disable All RNDIS Protocol Drivers

  • binarybanana
    replied
    I still don't get what's supposed to be insecure about this.

    My phone does use this and it's not that old. I really don't want to do some weird proxying through adb when I need tethering...



  • Danny3
    replied
    Originally posted by geearf:

    Can't you download the packages you need on your phone and then copy them over to your desktop? It doesn't seem like you need tethering for certain. That's what I usually do when I break an install and need to fix it.
    I don't know which packages the Realtek firmware actually needs and what dependencies it pulls and how to download the dependencies too.

    Besides being such a hassle to download them on the phone and then put them in the computer.

    And last time that I used USB tethering I used the friend's phone so not my phone with which I'm more familiar.



  • MadCatX
    replied
    I'm really flabbergasted by Greg KH's reasoning. He argues that every Windows OS from XP onwards comes with RNDIS *enabled*. How is this a good rationale to remove stuff?



  • tpiepho
    replied
    The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again.
    This makes zero sense to me. If we were talking about NDIS, without the R, which is about running Windows XP binary drivers inside the Linux kernel, I could totally see it. But we're not. It's totally different.

    It's like if someone said the USB keyboard driver was being removed, because USB keyboards are insecure as designed because there is no way to verify who is typing on them. And besides, no one uses USB keyboards anymore. First of all, what the hell!? Secondly, how are PS/2 keyboards secure in a way USB keyboards aren't? And third, what planet do you buy keyboards on?

    RNDIS might not be well designed, but I don't understand how it is any less secure than any other USB networking protocol.



  • rogerx
    replied
    Disabling because tethering is evil; posted/pushed because it's Sunday and we all should be in Church praying.



  • gavron
    replied
    Originally posted by tpiepho:

    I'll try to explain, but nicely. This above is true, but it's not at all what we're talking about here. NDIS, without the "R", is an old driver model used by MS network drivers in the WinXP era, and these drivers could be used on Linux too, and it sort of worked, but it was also kinda crap.

    *R*NDIS, with the R, is a USB protocol for network devices, especially ones that want to look like Ethernet adapters. Microsoft also made it, and they sort of based it on sending NDIS API calls over USB, hence the name. It's something someone who knew nothing about USB and had never seen any code not written by Microsoft would make. But it's got nothing to do with NDIS drivers and NDISWRAPPER and so on. It's a crap protocol, but unfortunately it's the only "USB for network devices" driver that MS shipped with Windows. So everything*, USB tethered phones, USB modems, random "I pretend to be a network device device" things on USB use it. Everyone but Apple.

    This change is dropping the Linux driver used to talk to those phones and modems over USB.

    *: Ironically, real USB Ethernet dongles generally don't use RNDIS. Only things that pretend to be Ethernet network devices use it, not real ones. RNDIS is a crap protocol and most real Ethernet USB devices used a faster and more efficient proprietary protocol invented by whoever made them, "asix" is a really common one. Nowadays you are starting to see CDC-NCM used, which is an actual USB standard. But it's a newer protocol and wasn't around in the days when RNDIS was created. There were other USB standard protocols, but they were also not great and USB-Ethernet dongles didn't use them.

    Thanks for that. I am not an MS guy and conflated the two. I hope I caused no harm. Trying to be helpful… but failed.
    I would read up on RNDIS… but MS obsolete and broken…

    E



  • tpiepho
    replied
    Originally posted by gavron:
    NDIS was an interim method MS touted to allow some devices to function on WinXP. Linux offered the 'shim' called NDISWRAPPER to allow that to work under Linux. It's a hardware abstraction layer (HAL) and works...
    I'll try to explain, but nicely. This above is true, but it's not at all what we're talking about here. NDIS, without the "R", is an old driver model used by MS network drivers in the WinXP era, and these drivers could be used on Linux too, and it sort of worked, but it was also kinda crap.

    *R*NDIS, with the R, is a USB protocol for network devices, especially ones that want to look like Ethernet adapters. Microsoft also made it, and they sort of based it on sending NDIS API calls over USB, hence the name. It's something someone who knew nothing about USB and had never seen any code not written by Microsoft would make. But it's got nothing to do with NDIS drivers and NDISWRAPPER and so on. It's a crap protocol, but unfortunately it's the only "USB for network devices" driver that MS shipped with Windows. So everything*, USB tethered phones, USB modems, random "I pretend to be a network device device" things on USB use it. Everyone but Apple.

    This change is dropping the Linux driver used to talk to those phones and modems over USB.

    *: Ironically, real USB Ethernet dongles generally don't use RNDIS. Only things that pretend to be Ethernet network devices use it, not real ones. RNDIS is a crap protocol and most real Ethernet USB devices used a faster and more efficient proprietary protocol invented by whoever made them, "asix" is a really common one. Nowadays you are starting to see CDC-NCM used, which is an actual USB standard. But it's a newer protocol and wasn't around in the days when RNDIS was created. There were other USB standard protocols, but they were also not great and USB-Ethernet dongles didn't use them.




  • Quackdoc
    replied
    So this will break Linux-side RNDIS... I still use this a lot. Great, I thought we learned this lesson last time; guess he doesn't give a shit.



  • pWe00Iri3e7Z9lHOX2Qx
    replied
    Originally posted by gavron:

    all true for your host… not android.

    look for updated host driver.

    E
    They are marking rndis_host as broken. Tethering won't work if the host has no driver to load.



  • gavron
    replied
    Originally posted by pWe00Iri3e7Z9lHOX2Qx:

    Galaxy S23 Ultra here...

    Code:
    foo@G15:~> lsmod | rg rndis
    rndis_host 24576 0
    cdc_ether 24576 1 rndis_host
    usbnet 65536 2 rndis_host,cdc_ether
    usbcore 446464 8 xhci_hcd,usbnet,usbhid,cdc_acm,rndis_host,btusb,xhci_pci,cdc_ether
    all true for your host… not android.

    look for updated host driver.

    E
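
Added example, not part of any post in this thread: one way to check whether a Linux host currently has a network interface bound to `rndis_host`, the driver the posts above say is being marked broken. The function names and the optional sysfs-root argument are assumptions made for illustration; on a real system the root defaults to `/sys`.

```shell
#!/bin/sh
# Added example: report whether this host depends on the rndis_host driver.
# The sysfs root is a parameter only so the functions can be run against a
# constructed directory tree; it defaults to /sys.

# Print the kernel driver bound to one interface directory. Prints nothing
# for virtual interfaces (lo, bridges) that have no backing device.
iface_driver() {
    link="$1/device/driver"
    [ -L "$link" ] || return 0
    basename "$(readlink "$link")"
}

# Print the names of interfaces whose driver is rndis_host, one per line.
rndis_ifaces() {
    root="${1:-/sys}"
    for dir in "$root"/class/net/*; do
        [ -e "$dir" ] || [ -L "$dir" ] || continue   # glob matched nothing
        if [ "$(iface_driver "$dir")" = "rndis_host" ]; then
            basename "$dir"
        fi
    done
}

# Exit status 0 if the rndis_host module is currently loaded.
rndis_loaded() {
    [ -d "${1:-/sys}/module/rndis_host" ]
}

# One-line summary: bound interfaces, loaded but idle, or not loaded.
rndis_report() {
    root="${1:-/sys}"
    used=$(rndis_ifaces "$root" | tr '\n' ' ')
    if [ -n "$used" ]; then
        echo "in use by: ${used% }"
    elif rndis_loaded "$root"; then
        echo "loaded, no interface bound"
    else
        echo "not loaded"
    fi
}

rndis_report "${1:-/sys}"
```

An "in use by" result while a phone is tethered means that connection goes away on a kernel where the driver cannot be loaded.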
