Announcement

Collapse
No announcement yet.

Linux To Try Again To Disable All RNDIS Protocol Drivers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dasein
    replied
    We could just reply to the mailing list objecting to this before it goes through...

    Leave a comment:


  • EphemeralEft
    replied
    I wonder if GKH knows that this driver is still needed, and is just doing this to push OEMs to support the other protocol. Although in that case it should just be deprecated.

    Leave a comment:


  • EphemeralEft
    replied
    Originally posted by MadCatX View Post
    I'm really flabbergasted by Greg KH's reasoning. He argues that every Windows OS from XP onwards comes with RNDIS *enabled*. How is this a good rationale to remove stuff?
    He wants us to use Windows. Just switch and you can have all the RNDIS you want!

    Leave a comment:


  • Luke
    replied
    I wonder if cellular carriers are behind this proposal. It must NOT be merged and I will never, ever build a kernel including this change without reverting it. Not now, not ever.

    This driver is important when dealing with a cellular carrier who attempts to block tethering entirely. With these carriers, USB tethering is only possible with unlocked phones that cellphone store staff have never been allowed to touch when powered on. Anything else, the built-in wireless and USB tethering programs attempt to "check the plan" and treat tethering as a transaction requiring carrier approval. This comes from carrier mods to stock android in some cases, some phones might even "support" this out of the box. Third party replacement operating systems do NOT support this trash just as they do not support DRM media in most cases, but only a few phones are supported by 3ed party OS's. For all the others, there's Azilink.

    Azilink creates a nonstandard data tunnel in which data arrives on the phone and so far as the carrier can see disappears into the app. They cannot see it re-emerge on your computer save by the usual TTL (time to live) games that are so easily defeated. There is also a way of doing this over Termux with some rather complex code, but that means any carrier wanting to attempt to block this must contend with a growing list of apps to blacklist-and blacklisting Termux would get a lot of complaints from "legitimate" users who follow rules designed to favor marketing partners and the big streaming outfits.

    Leave a comment:


  • blackshard
    replied
    Originally posted by billyswong View Post

    USB tethering is usually for the case where the PC doesn't have wireless capability or the wireless driver isn't installed yet. So Bluetooth is unlikely a viable alternative.
    Or the case when the place is crowded with wireless networks and it is better to have a cable-connected device.
    Or also if you just don't want to expose the network or want better/more stable troughput.

    Leave a comment:


  • billyswong
    replied
    Originally posted by geearf View Post
    Yeah it's not practical I agree, it's the whole job of a package manager after all, but it's still feasible so it's arguable in this case if security should be forgotten for that very purpose. I wonder if you can tether through bluetooth instead.
    USB tethering is usually for the case where the PC doesn't have wireless capability or the wireless driver isn't installed yet. So Bluetooth is unlikely a viable alternative.

    Leave a comment:


  • geearf
    replied
    Originally posted by Danny3 View Post

    I don't know which packages the Realtek firmware actually needs and what dependencies it pulls and how to download the dependencies too.]
    You can look it up manually on the distro's site, or do something like this:

    Code:
    pactree -s -u r8168
    r8168
    glibc
    linux-api-headers>=4.10
    tzdata
    filesystem
    iana-etc
    linux
    coreutils
    acl
    attr
    gmp
    gcc-libs
    sh
    readline
    ncurses
    libcap
    pam
    libtirpc
    krb5
    e2fsprogs
    util-linux-libs
    libldap
    libsasl
    gdbm
    openssl
    keyutils
    libverto-module-base
    libevent
    pambase
    audit
    libcap-ng
    libxcrypt
    initramfs
    awk
    mpfr
    mkinitcpio-busybox>=1.19.4-2
    kmod
    zlib
    xz
    zstd
    lz4
    util-linux>=2.23
    shadow
    systemd-libs
    libgcrypt
    libgpg-error
    libutempter
    libmagic.so=1-64
    bzip2
    libseccomp
    libarchive
    expat
    binutils
    jansson
    libelf
    curl
    ca-certificates
    ca-certificates-mozilla
    ca-certificates-utils>=20181109-3
    findutils
    p11-kit>=0.24.0
    libp11-kit=0.25.0-2.1
    libffi
    libtasn1
    brotli
    libidn2
    libunistring
    libnghttp2
    libpsl
    libssh2
    diffutils
    grep
    pcre2
    systemd
    cryptsetup
    device-mapper
    popt
    json-c
    argon2
    dbus
    iptables
    libnftnl
    libmnl
    libpcap
    libnl
    libnfnetlink
    libnetfilter_conntrack
    kbd
    hwdata
    That looks like a lot of packages​, a major pain to download manually, though in this case I'd bet all of them are already installed so probably just the firmware package to download/install. That's not always going to be the case though, and once you need a dozen packages or more, you'll likely need them at the correct older version too, cause if not you'll need to upgrade others already installed... and that is definitely not going to be fun to track down manualy, but it should be scriptable fairly easily I think.

    Originally posted by Danny3 View Post
    Besides being such a hassle to download them on the phone and then put them in the computer.

    And last time that I used USB tethering I used the friend's phone so not my phone with which I'm more familiar.
    Yeah it's not practical I agree, it's the whole job of a package manager after all, but it's still feasible so it's arguable in this case if security should be forgotten for that very purpose. I wonder if you can tether through bluetooth instead.

    Leave a comment:


  • Shtirlic
    replied
    The same "not clear" decision like disabling NTLM v1 in samba rendering apple time capsules and some other devices unusable, but we keep EISA bus detection even if you can't disable it via kernel cmdline, brilliant.

    Leave a comment:


  • binarybanana
    replied
    I still don't get what's supposed to be insecure about this.

    My phone does use this and it's not that old. I really don't want to do some weird proxying through adb when I need tethering...

    Leave a comment:


  • Danny3
    replied
    Originally posted by geearf View Post

    Can't you download the packages you need on your phone and then copy them over to your desktop? It doesn't seem like you need tethering for certain. That's what I usually do when I break an install and need to fix it.
    I don't know which packages the Realtek firmware actually needs and what dependencies it pulls and how to download the dependencies too.

    Besides being such a hassle to download them on the phone and then put them in the computer.

    And last time that I used USB tethering I used the friend's phone so not my phone with which I'm more familiar.

    Leave a comment:

Working...
X