Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-24 20:44:57 -05:00
Code Issues Projects Releases Packages Wiki Activity

Sort RDNIS disabling and add docs

Browse source
This commit is contained in:
raja-grewal 2025-11-21 12:35:03 +00:00 committed by GitHub
parent 5adc007536
commit 4597fd16a9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -383,6 +383,8 @@ Miscellaneous modules:
- Replaced Modules: Disabled legacy drivers that have been entirely replaced and
superseded by newer drivers.
- RDNIS - Disabled as believed to have unfixable buffer overflow issues.
- Optional - USB Video Device Class: Disables the USB-based video streaming driver for
devices like some webcams and digital camcorders.

23
etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared
View file

@ -291,6 +291,17 @@ install bcm43xx /usr/bin/disabled-miscellaneous-by-security-misc
install de4x5 /usr/bin/disabled-miscellaneous-by-security-misc
install prism54 /usr/bin/disabled-miscellaneous-by-security-misc
## RNDIS:
## Disabled as believed to have unfixable buffer overflow issues impossible to make secure.
## Used by some network devices common with Android USB tethering.
##
## https://en.wikipedia.org/wiki/RNDIS
## https://lkml.org/lkml/2022/11/23/728
## https://lore.kernel.org/lkml/2023071333-wildly-playroom-878b@gregkh/
##
install rndis_host /usr/bin/disabled-miscellaneous-by-security-misc
install usb_f_rndis /usr/bin/disabled-miscellaneous-by-security-misc
## USB Video Device Class:
## Disables the USB-based video streaming driver for devices like some webcams and digital camcorders.
##
@ -308,15 +319,3 @@ install prism54 /usr/bin/disabled-miscellaneous-by-security-misc
## https://github.com/Kicksecure/security-misc/issues/298
##
#install vivid /usr/bin/disabled-miscellaneous-by-security-misc
## RNDIS:
## Disable the RNDIS drivers used by some network devices (common with Android
## USB tethering). RNDIS as a protocol is believed to have supposedly
## unfixable buffer overflow issues and may be impossible to implement in a
## secure fashion.
##
## https://lkml.org/lkml/2022/11/23/728
## https://lore.kernel.org/lkml/2023071333-wildly-playroom-878b@gregkh/
##
install rndis_host /usr/bin/disabled-miscellaneous-by-security-misc
install usb_f_rndis /usr/bin/disabled-miscellaneous-by-security-misc