ntfs-3g: add security fix for CVE-2017-0358

Jann Horn, Project Zero (Google) discovered that ntfs-3g, a read-write
NTFS driver for FUSE does not not scrub the environment before
executing modprobe to load the fuse module. This influence the behavior
of modprobe (MODPROBE_OPTIONS environment variable, --config and
--dirname options) potentially allowing for local root privilege
escalation if ntfs-3g is installed setuid.

Notice that Buildroot does NOT install netfs-3g setuid root, but custom
permission tables might be used, causing it to vulnerable to the above.

ntfs-3g does not seem to have a publicly available version control system
and no new releases have been made, so instead grab the patch from Debian.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

0 files changed, 0 insertions, 0 deletions