Re: [PATCH] USB: disable all RNDIS protocol drivers

From: Oliver Neukum
Date: Thu Jul 13 2023 - 04:39:13 EST




On 13.07.23 07:34, Greg Kroah-Hartman wrote:
On Thu, Jul 13, 2023 at 02:28:26AM +0200, Johannes Berg wrote:
On Wed, 2023-07-12 at 18:39 +0200, Greg Kroah-Hartman wrote:

Hi,
All we said is that your statement of "RNDIS is fundamentally unfixable"
doesn't make a lot of sense. If this were the case, all USB drivers
would have to "trust the other side" as well, right?

No, well, yes. See the zillion patches we have had to apply to the
kernel over the years when someone decided that "usb devices are not to
be trusted" that syzbot has helped find :)

Well, there are protocols that are in a sense unfixable. Like,
hypothetical example, you allow the execution of postscript code.
Hence it is kind of important to keep that distinction.

Yes, our attitude here is inconsistent. With the advent of Thunderbolt
we should have gone through all PCI drivers and audited them for things
malicious devices can do.
However, we can wait for Pandora for the purpose of this discussion.

It's not a DMA issue here, it's a "the protocol allows for buffer
overflows and does not seem to be able to be verified to prevent this"
from what I remember (it's been a year since I looked at this last,
details are hazy.) At the time, I didn't see a way that it could be
fixed, hence this patch.

That makes sort of sense, but still leaves us with the option of verifying
each memcopy for being within allowed buffers.

Now, by no means let me stop you from getting into your supervillain outfit
and write exploits. But just telling us the rest of the issues would do, though
not as well.

Regards
Oliver