Linux To Try Again To Disable All RNDIS Protocol Drivers


  • #21
    Originally posted by jokeyrhyme View Post
    For Android, the kernel version is frozen years before the device even hits shelves, they practically never get new kernel updates, only backported fixes for vulnerabilities (when we're lucky)

    This will not impact existing devices at all

    For future devices, Google can either patch the kernel, or manufacturers can patch the kernel, or (unfortunately) consumers can be forced to throw away insecure/affordable networking adapters and buy new ones
    How's that going to work for you when the machine you are trying to tether for doesn't have a rndis module to load?

    Comment


    • #22
      Originally posted by Namelesswonder View Post
      I don't know the currently supported protocols on recent phones like the Galaxy S23, but new Android phones are still a small drop in the bucket of billions of older Android devices.
      Galaxy S23 Ultra here...

      Code:
      foo@G15:~> lsmod | rg rndis
      rndis_host             24576  0
      cdc_ether              24576  1 rndis_host
      usbnet                 65536  2 rndis_host,cdc_ether
      usbcore               446464  8 xhci_hcd,usbnet,usbhid,cdc_acm,rndis_host,btusb,xhci_pci,cdc_ether

      Comment


      • #23
        Originally posted by willmore View Post
        What's insecure about this? If I own both devices and plug them together, am I vulnerable to something? Or is the threat that 'some foreign device can be plugged into your trusted one and your device will trust the foreign device and accept it as a network interface'? Because the latter is simply "you're holding it worng". Are we getting rid of USB/HID? I can plug a hostile device into your trusted one and you'll trust my device if it claims to be HID.
        You are basically spot on.

        The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again.
        I trust my host and my phone. The chances of me needing to tether with my phone because reasons is about 1000% higher than the chance of someone compromising my laptop with an "evil phone providing network" attack.

        Comment


        • #24
          The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again.
          I'd wager large sums of money that most people trust their Linux laptop / desktop and their Linux kernel running Android phone, and that they are going to be pretty cheesed off in whatever weird circumstance they really need to tether and can't. But saving them from some l33t hax0rs who came down through the AC vent on a cable system Mission Impossible style to hook up some poisoned malware infested phone for networking is definitely a more important and realistic scenario to defend them against.

          Windows only needed this for XP and newer systems, Windows systems older than that can use the normal USB class protocols instead, which do not have these problems.

          This is such a weird statement. Who cares about the ancient Windows systems before XP? In this context, who cares about any of them besides Windows 10 and Windows 11 which haven't hit EOL? That's like writing "Windows only needs this for currently supported Windows systems".

          Android has had this disabled for many years so there should not be any real systems that still need this.
          Almost every Android phone in existence uses this, including very recent high end devices like the Samsung Galaxy S23 Ultra. Where do they get this shit?

          Comment


          • #25
            Originally posted by pWe00Iri3e7Z9lHOX2Qx View Post

            Galaxy S23 Ultra here...

            Code:
            foo@G15:~> lsmod | rg rndis
            rndis_host             24576  0
            cdc_ether              24576  1 rndis_host
            usbnet                 65536  2 rndis_host,cdc_ether
            usbcore               446464  8 xhci_hcd,usbnet,usbhid,cdc_acm,rndis_host,btusb,xhci_pci,cdc_ether
            all true for your host… not android.

            look for updated host driver.

            E

            Comment


            • #26
              Originally posted by gavron View Post

              all true for your host… not android.

              look for updated host driver.

              E
              They are marking rndis_host as broken. Tethering won't work if the host has no driver to load.

              Comment


              • #27
                so this will break linux side rndis... I still use this a lot, great I thought we learned this lesson last time, guess he doesn't give a shit

                Comment


                • #28
                  Originally posted by gavron View Post
                  NDIS was an interim method MS touted to allow some devices to function on WinXP. Linux offered the 'shim' called NDISWRAPPER to allow that to work under Linux. It's a hardware abstraction layer (HAL) and works...
                  I'll try to explain, but nicely. This above is true, but it's not at all what we're talking about here. NDIS, without the "R", is an old driver model used by MS network drivers in the WinXP era, and these drivers could be used on Linux too, and it sort of worked, but it was also kinda crap.

                  *R*NDIS, with the R, is a USB protocol for network devices, especially ones that want to look like ethernet adapters. Microsoft also made it, and they sort of based it on sending NDIS API calls over USB, hence the name. It's something someone who knew nothing about USB and had never seen any code not written by Microsoft would make. But it's got nothing to do with NDIS drivers and NDISWRAPPER and so on. It's a crap protocol, but unfortunately it's the only "USB for network devices" driver that MS shipped with Windows. So everything*, USB tethered phones, USB modems, random "I pretend to be a network device device" things on USB use it. Everyone but Apple.

                  This change is dropping the Linux driver used to talk to those phones and modems over USB.

                  *: Ironically, real USB Ethernet dongles generally don't use RNDIS. Only things that pretend to be Ethernet network devices use it, not real ones. RNDIS is a crap protocol and most real Ethernet USB devices used a faster and more efficient proprietary protocol invented by whoever made them, "asix" is a really common one. Nowadays you are starting to see CDC-NCM used, which is an actual USB standard. But it's a newer protocol and wasn't around in the days when RNDIS was created. There were other USB standard protocols, but they were also not great and USB-Ethernet dongles didn't use them.


                  Comment
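Added example (not part of the thread and not kernel code): the split described in post #28 between RNDIS and the USB-IF class protocols can be audited on a Linux host from the interface descriptors in sysfs. The class triples are the generic ones the rndis_host, cdc_ether and cdc_ncm drivers match on; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Map an interface class/subclass/protocol triple (hex, as stored in sysfs)
# to the USB networking protocol it advertises.
classify_usb_net() {
    case "$(printf '%s/%s/%s' "$1" "$2" "$3" | tr 'A-F' 'a-f')" in
        02/02/ff|e0/01/03|ef/04/01|ef/01/01) echo RNDIS ;;  # matched by rndis_host
        02/06/*) echo CDC-ECM ;;                             # Ethernet Control Model
        02/0d/*) echo CDC-NCM ;;                             # Network Control Model
        *)       echo other ;;
    esac
}

# Walk a sysfs USB device tree and print one line per networking interface:
# "<interface> <protocol> driver=<bound driver or none>".
scan_usb_net() {
    root="${1:-/sys/bus/usb/devices}"
    for ifdir in "$root"/*:*; do
        [ -r "$ifdir/bInterfaceClass" ] || continue
        kind=$(classify_usb_net "$(cat "$ifdir/bInterfaceClass")" \
                                "$(cat "$ifdir/bInterfaceSubClass")" \
                                "$(cat "$ifdir/bInterfaceProtocol")")
        if [ "$kind" != other ]; then
            drv=none
            if [ -L "$ifdir/driver" ]; then
                drv=$(basename "$(readlink "$ifdir/driver")")
            fi
            echo "${ifdir##*/} $kind driver=$drv"
        fi
    done
}

# Constructed sample tree (not real hardware): a tethered phone exposing RNDIS
# and a dongle exposing CDC-NCM, laid out the way sysfs names interface dirs.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/1-1:1.0" "$t/1-2:1.0" "$t/drivers/rndis_host"
    printf 'e0\n' > "$t/1-1:1.0/bInterfaceClass"
    printf '01\n' > "$t/1-1:1.0/bInterfaceSubClass"
    printf '03\n' > "$t/1-1:1.0/bInterfaceProtocol"
    ln -s ../drivers/rndis_host "$t/1-1:1.0/driver"
    printf '02\n' > "$t/1-2:1.0/bInterfaceClass"
    printf '0d\n' > "$t/1-2:1.0/bInterfaceSubClass"
    printf '00\n' > "$t/1-2:1.0/bInterfaceProtocol"
    echo "$t"
}

sample=$(make_sample_tree)
scan_usb_net "$sample"
rm -rf "$sample"
```

Calling `scan_usb_net` with no argument reads the live `/sys/bus/usb/devices` tree; an RNDIS interface reported with `driver=none` is a device the host has no bound driver for.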


                  • #29
                    Originally posted by tpiepho View Post

                    I'll try to explain, but nicely. This above is true, but it's not at all what we're talking about here. NDIS, without the "R", is an old driver model used by MS network drivers in the WinXP era, and these drivers could be used on Linux too, and it sort of worked, but it was also kinda crap.

                    *R*NDIS, with the R, is a USB protocol for network devices, especially ones that want to look like ethernet adapters. Microsoft also made it, and they sort of based it on sending NDIS API calls over USB, hence the name. It's something someone who knew nothing about USB and had never seen any code not written by Microsoft would make. But it's got nothing to do with NDIS drivers and NDISWRAPPER and so on. It's a crap protocol, but unfortunately it's the only "USB for network devices" driver that MS shipped with Windows. So everything*, USB tethered phones, USB modems, random "I pretend to be a network device device" things on USB use it. Everyone but Apple.

                    This change is dropping the Linux driver used to talk to those phones and modems over USB.

                    *: Ironically, real USB Ethernet dongles generally don't use RNDIS. Only things that pretend to be Ethernet network devices use it, not real ones. RNDIS is a crap protocol and most real Ethernet USB devices used a faster and more efficient proprietary protocol invented by whoever made them, "asix" is a really common one. Nowadays you are starting to see CDC-NCM used, which is an actual USB standard. But it's a newer protocol and wasn't around in the days when RNDIS was created. There were other USB standard protocols, but they were also not great and USB-Ethernet dongles didn't use them.

                    Thanks for that. I am not an MS guy and conflated the two. I hope I caused no harm. Trying to be helpful… but failed.
                    I would read up on rndis… but ms obsolete and broken…

                    E

                    Comment


                    • #30
                      Disabling because tethering is evil; posted/pushed because it's Sunday and we all should be in Church praying.

                      Comment
