Linux removes the Windows RNDIS protocol as unsafe

Microsoft's proprietary protocol, Remote Network Driver Interface Specification (RNDIS), started with a good idea. It would allow hardware vendors to add network support to USB devices without having to build them from scratch. There was just one small problem.

RNDIS has no insurance.

penguins

As Greg Kroah-Hartman, the Linux Foundation's contributor to stable Linux kernel releases, wrote in November 2022 on the LKML mailing list (Linux Kernel Mailing List)

“The Microsoft RNDIS protocol is, by design, insecure and vulnerable to any system using it with untrusted hosts or devices. Since the protocol cannot be made secure, simply disable all RNDIS drivers to prevent anyone else from using them again.”

In another message he added, “The protocol was never designed for use with untrusted devices. It was created, and we implemented it, on USB devices that we trust to connect to our systems, and we trust the systems that we connect to USB devices.”

This is no longer the case. Kroah-Hartman concluded:

“Today, with untrusted hosts and devices, it's time to retire this protocol. As I mention in the patch comments, Android disabled it years ago on its devices, without any loss in functionality.”

Thus Kroah-Hartman decided to disable all RNDIS protocol drivers from the Linux Git repository. This means that although the RNDIS code is still present in the Linux kernel, all RNDIS protocol drivers will be broken.

It is a step before the complete removal of RNDIS from Linux.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

2 Comments

Leave a Reply

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).