Linux To Try Again To Disable All RNDIS Protocol Drivers
Several months back there was work to disable all Microsoft Remote Network Driver Interface Specification (RNDIS) drivers in the Linux kernel on the basis that the protocol is insecure, among other factors. That plan met opposition over concerns that it could disrupt USB tethering support and similar use cases. Nothing had been heard for months about updated plans for disabling or dropping the RNDIS drivers, but the Git branch for disabling this class of drivers was updated today.
Remote Network Driver Interface Specification is the Microsoft specification built atop USB for providing a virtual Ethernet link on Windows and has been used by Linux and Android as well as other platforms too.
Greg Kroah-Hartman this morning updated the rndis-removal branch of USB.git. The lone new patch in that branch disables all of these drivers: it makes every RNDIS driver depend on "BROKEN", so the user or whoever is building the Linux kernel sees that the drivers are considered broken and they won't build. This stops short of immediately removing the driver source code from the kernel tree. But if the patch sits in the mainline Linux kernel for a cycle or two without serious objections, a follow-up change could then remove all of the driver sources from the tree. Otherwise, reverting the "BROKEN" patch is just as easy.
The patch continues to summarize the reasoning for disabling all the RNDIS drivers as:
"The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again.
Windows only needed this for XP and newer systems, Windows systems older than that can use the normal USB class protocols instead, which do not have these problems.
Android has had this disabled for many years so there should not be any real systems that still need this."
We'll see if Greg KH ends up submitting this as part of the USB changes for the Linux 6.7 kernel merge window.
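Since the patch works by making the RNDIS Kconfig options depend on BROKEN, a practical defender's check is whether a given kernel .config still has any of them enabled. The following POSIX shell script is an added example, not code from the article or the kernel tree. The option names it looks for (host driver, RNDIS WLAN driver and the gadget-side RNDIS functions) are the ones used by mainline Kconfig as I know them, but the list is an assumption and may need adjusting for other kernel versions; the sample config it audits is constructed inline.

```shell
#!/bin/sh
# Added example: audit a kernel .config for RNDIS-related options that the
# rndis-removal branch marks as BROKEN. The option list is an assumption
# (mainline Kconfig names for host, WLAN and gadget RNDIS); adjust as needed.

RNDIS_OPTIONS="CONFIG_USB_NET_RNDIS_HOST CONFIG_RNDIS_WLAN CONFIG_USB_F_RNDIS CONFIG_USB_CONFIGFS_RNDIS CONFIG_USB_ETH_RNDIS CONFIG_USB_G_MULTI_RNDIS"

# Print every RNDIS option set to y (built-in) or m (module) in the config
# file given as $1, one "CONFIG_X=y" / "CONFIG_X=m" line each.
# "# CONFIG_X is not set" lines and longer names sharing a prefix are skipped
# because the pattern is anchored at both ends.
rndis_enabled_options() {
    cfg="$1"
    for opt in $RNDIS_OPTIONS; do
        grep -E "^${opt}=(y|m)$" "$cfg" || true
    done
}

# Number of enabled RNDIS options; 0 means the config is already clean.
rndis_enabled_count() {
    rndis_enabled_options "$1" | wc -l | tr -d ' '
}

# Locate the running kernel's config, if exposed: /proc/config.gz (needs
# CONFIG_IKCONFIG_PROC) or the distribution's /boot/config-<release> file.
# Prints a readable path, or nothing if neither is available.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        tmp=$(mktemp)
        gzip -dc /proc/config.gz > "$tmp"
        echo "$tmp"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    fi
}

# Constructed sample .config fragment so the script runs offline.
# The *_EXTRA line is a made-up decoy that must NOT be reported.
sample_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Constructed sample kernel config fragment (not a real build)
CONFIG_USB_NET_CDCETHER=y
CONFIG_USB_NET_RNDIS_HOST=m
# CONFIG_RNDIS_WLAN is not set
CONFIG_USB_CONFIGFS_RNDIS=y
CONFIG_USB_CONFIGFS_RNDIS_EXTRA=y
# CONFIG_USB_ETH_RNDIS is not set
EOF
    echo "$f"
}

# Stand-alone use: "--running" audits the running kernel's config when it can
# be found; with no argument the constructed sample is audited instead.
if [ "${1:-}" = "--running" ]; then
    cfg=$(running_kernel_config)
    if [ -z "$cfg" ]; then
        echo "running kernel config not found" >&2
        exit 2
    fi
else
    cfg=$(sample_config)
fi
rndis_enabled_options "$cfg"
echo "RNDIS options enabled: $(rndis_enabled_count "$cfg")"
```

Run it with no arguments to see the two hits in the constructed sample (the host module and the configfs gadget function), or with `--running` on a machine whose kernel exposes its config. An empty result is what a tree carrying the "BROKEN" patch should produce, since the options can no longer be selected.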