Microsoft’s proprietary protocol, Remote Network Driver Interface Specification (RNDIS), started with a good idea. It would enable hardware vendors to add networking support to USB devices without having to build them from scratch. There was only one little problem. RNDIS has no security to speak of.
As Greg Kroah-Hartman, the Linux Foundation fellow responsible for stable Linux kernel releases, wrote in November 2022 on the Linux Kernel Mailing List (LKML), “The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all RNDIS drivers to prevent anyone from using them again.”
He added, in another message, “The protocol was never designed to be used with untrusted devices. It was created, and we implemented support for it, when we trusted USB devices that we plugged into our systems, AND we trusted the systems we plugged our USB devices into.”
That’s no longer the case. Kroah-Hartman concluded, “Today, with untrusted hosts and devices, it’s time just to retire this protocol. As I mentioned in the patch comments, Android disabled this many years ago in their devices, with no loss of functionality.”
Well, that’s simple enough. So, why are we still talking about it today?
What happened was that users started worrying that this would disrupt their network USB tethering support. It turns out that more people than you might think were networking via USB cellular, Ethernet, and Wi-Fi devices.
Security? What’s that?
As Kroah-Hartman said in a follow-up LKML message in January 2023, “I guess systems that use this will always have to trust that the device plugged into them is “trusted.” Seems like an easy way to get access to a “locked down” system if you ever need it.”
He’s not wrong. There are reasons why security-conscious businesses don’t allow any USB-connected devices on-premises, and this is one of them.
But now, sick and tired of having a built-in Windows security exploit in Linux, Kroah-Hartman has decided that enough is enough. He’s disabled all the RNDIS protocol drivers in Linux’s Git repository.
That means that while the RNDIS code is still in the Linux kernel, if you build Linux with this new patch applied, all the RNDIS drivers are marked broken and won’t build. This is one step short of purging RNDIS from Linux.
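A defender-side check for the drivers this patch affects, added here as an example and not code from the article or the kernel patch: it audits a host for loaded RNDIS modules, reports which RNDIS kernel config options are still enabled, and emits a modprobe blacklist. It assumes the mainline module names rndis_host, rndis_wlan and usb_f_rndis and the matching CONFIG_ option names, and targets POSIX sh.

```shell
#!/bin/sh
# Added example, not from the article or the kernel tree: audit a Linux host
# for the RNDIS drivers the patch marks broken, and emit a modprobe blacklist
# for them. Module and CONFIG names are assumed from the mainline kernel tree.
RNDIS_MODULES="rndis_host rndis_wlan usb_f_rndis"

# Print the RNDIS modules present in a /proc/modules-style listing.
# $1: path to the listing (defaults to the live /proc/modules).
rndis_modules_loaded() {
    listing="${1:-/proc/modules}"
    found=""
    for m in $RNDIS_MODULES; do
        # Column 1 of /proc/modules is the module name.
        if awk -v mod="$m" '$1 == mod { hit = 1 } END { exit !hit }' "$listing" 2>/dev/null; then
            found="$found $m"
        fi
    done
    printf '%s\n' "${found# }"
}

# Report which RNDIS options a kernel .config still enables (built-in or module).
# $1: path to the config, e.g. /boot/config-$(uname -r).
rndis_config_enabled() {
    grep -E '^CONFIG_(USB_NET_RNDIS_HOST|USB_NET_RNDIS_WLAN|USB_F_RNDIS|USB_CONFIGFS_RNDIS)=' "$1"
}

# Emit an /etc/modprobe.d fragment that stops the modules from autoloading
# and makes a manual modprobe fail, which is the userland equivalent of
# the kernel-side disable the article describes.
rndis_blacklist_conf() {
    for m in $RNDIS_MODULES; do
        printf 'blacklist %s\n' "$m"
        printf 'install %s /bin/false\n' "$m"
    done
}

# Audit the running host when run directly (skipped where /proc/modules is absent).
if [ -r /proc/modules ]; then
    printf 'RNDIS modules loaded: [%s]\n' "$(rndis_modules_loaded)"
fi
```

Write the output of rndis_blacklist_conf to a file under /etc/modprobe.d/ to apply the blacklist on a host that keeps an older kernel.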
There is another way to support networking over USB. This is the Network Control Model (NCM) protocol. It has the advantage of being secure and already supported in Linux.
This approach, though, worries Maciej Żenczykowski, a Google Linux Kernel Networking Developer. That’s because CDC-ECM is not well supported in Android phones. The only Android phones he knows of “that have switched to NCM instead of RNDIS for USB tethering are Google Pixel 6+” and newer Pixel smartphones.
And that’s a problem because people use the RNDIS driver on Linux laptops to USB tether off Android phones. So, according to Żenczykowski, “this will break USB tethering off of the *vast* majority of Android phones – likely including most of those currently being manufactured and sold.”
So, with security concerns on one side, and interoperability concerns on another, what will happen next? Stay tuned to see if this patch is submitted into the Linux 6.7 kernel merge window and if it will make it into the next version of Linux.