Linux Eliminates Outdated and Insecure Microsoft USB Network Protocol Still Present on Windows

End of an Era: Linux to Disable USB RNDIS Protocol Drivers

Greg Kroah-Hartman, a distinguished Fellow at The Linux Foundation, is poised to eliminate the USB RNDIS protocol drivers from the Linux kernel entirely. This initiative reflects Kroah-Hartman's long-standing intention, first proposed on November 23, 2022, to remove these outdated components from the operating system.

Recent Developments

On December 23, 2024, the long-awaited commit was reintroduced. In the message accompanying the update, Kroah-Hartman raised concerns about the RNDIS protocol, originally implemented during the Windows XP era. He emphasized its growing redundancy and highlighted the security vulnerabilities it introduces to contemporary systems. The commit message reads:

USB: disable all RNDIS protocol drivers

The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again. Windows only needed this for XP and newer systems, Windows systems older than that can use the normal USB class protocols instead, which do not have these problems. Android has had this disabled for many years so there should not be any real systems that still need this.
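As an added example (not part of the commit or of the original article), the following shell script audits a Linux host for RNDIS drivers and emits modprobe.d rules that block them. The Kconfig symbol and module names are taken from the mainline kernel tree rather than from this page, and the sample config and module list are constructed.

```shell
#!/bin/sh
# Added example: audit a Linux host for RNDIS drivers.
# Assumption: symbol/module names match the mainline kernel tree.
RNDIS_SYMBOLS='USB_NET_RNDIS_HOST USB_NET_RNDIS_WLAN USB_F_RNDIS USB_CONFIGFS_RNDIS USB_ETH_RNDIS'
RNDIS_MODULES='rndis_host rndis_wlan usb_f_rndis'

# rndis_config_report FILE: for each RNDIS option enabled in a kernel .config,
# print "<symbol> builtin" or "<symbol> module". Built-in code cannot be
# blocked through modprobe.d and needs a kernel rebuild.
rndis_config_report() {
    for sym in $RNDIS_SYMBOLS; do
        val=$(sed -n "s/^CONFIG_${sym}=\([ym]\)\$/\1/p" "$1")
        case "$val" in
            y) echo "$sym builtin" ;;
            m) echo "$sym module" ;;
        esac
    done
}

# rndis_loaded_modules FILE: print RNDIS modules found in /proc/modules-format
# text. Only the first field is compared, so a module that merely appears in
# another module's "used by" list is not reported twice.
rndis_loaded_modules() {
    for mod in $RNDIS_MODULES; do
        awk -v m="$mod" '$1 == m { print $1 }' "$1"
    done
}

# rndis_modprobe_rules: "blacklist" stops alias-based autoloading on hotplug;
# "install ... /bin/false" also makes an explicit modprobe of the module fail.
rndis_modprobe_rules() {
    for mod in $RNDIS_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$mod" "$mod"
    done
}

# Constructed sample inputs so the script runs offline.
SAMPLE_CONFIG=$(mktemp); SAMPLE_MODULES=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG" "$SAMPLE_MODULES"' EXIT
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_USB_USBNET=m
CONFIG_USB_NET_RNDIS_HOST=m
# CONFIG_USB_NET_RNDIS_WLAN is not set
CONFIG_USB_F_RNDIS=y
EOF
cat > "$SAMPLE_MODULES" <<'EOF'
cdc_ether 24576 1 rndis_host, Live 0x0000000000000000
rndis_host 20480 0 - Live 0x0000000000000000
usbnet 57344 2 cdc_ether,rndis_host, Live 0x0000000000000000
EOF
rndis_config_report "$SAMPLE_CONFIG"; rndis_loaded_modules "$SAMPLE_MODULES"
```

On a real host, pass the running kernel's config file (where the distribution ships one) and `/proc/modules` instead of the sample files, and write the output of `rndis_modprobe_rules` to a file under `/etc/modprobe.d/`.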

Understanding RNDIS

For those who are not well-acquainted, the Remote Network Driver Interface Specification (RNDIS) is a protocol designed for Ethernet (IEEE 802.3) network devices. This bus-independent messaging protocol facilitates dynamic Plug and Play (PnP) connectivity across various interfaces, including USB, 1394, Bluetooth, and InfiniBand, allowing host drivers to seamlessly support multiple networking devices.

Legacy and Current Usage

Since its inception, RNDIS has been included in various versions of Windows, notably Windows 10 and Windows 11. Although the protocol is still present in the latest Windows 11 version 24H2, the RNDIS driver does not install automatically on these newer systems, reflecting an ongoing transition away from reliance on it.

If you’re interested, Windows 11 24H2 has updated support for NDIS version 6.89, further emphasizing the evolution of networking technologies.

The commit details are available on LKML.

For further insights, you can explore more from the source: Neowin.
