Matthias Krause reports: modprobe uses the "basename" of the module argument as the module to load, as can be seen here: bbox:~# lsmod | grep vfat bbox:~# modprobe foo/bar/baz/vfat bbox:~# lsmod | grep vfat vfat 17135 0 fat 61984 1 vfat bbox:~# find /lib/modules/`uname -r` -name vfat.ko /lib/modules/3.18.0-rc5+/vfat.ko It should instead fail to load the module -- actually fail to *find* the module. This can even be abused to load arbitrary modules by nullifying enforced module prefixes some of the Linux kernel's subsystems try to apply to prevent just that: bbox:~# lsmod | grep usb bbox:~# ifconfig /usbserial up ifconfig: SIOCGIFFLAGS: No such device bbox:~# lsmod | grep usb usbserial 32201 0 The actual modprobe invocation, done by the kernel was: /sbin/modprobe -q -- netdev-/usbserial Due to the bug, the "netdev-" prefix including the "/" are ignored and the usbserial.ko module gets loaded. The same works for filesystems, e.g.: bbox:~# lsmod | grep snd_pcm bbox:~# mount -t /snd_pcm none / mount: mounting none on / failed: No such device bbox:~# lsmod | grep snd_pcm snd_pcm 88826 0 snd_timer 26606 1 snd_pcm snd 61141 2 snd_pcm,snd_timer This time the kernel called out to: /sbin/modprobe -q -- fs-/snd_pcm Note the "fs-" prefix. External reference: https://bugs.busybox.net/show_bug.cgi?id=7652 (cert maybe expired)
Created busybox tracking bugs for this issue: Affects: fedora-all [bug 1198098]
Statement: This issue affects the versions of busyboxas shipped with Red Hat Enterprise Linux 4, 5 and 6. Red Hat Product Security has rated this issue as having a low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.