Improve the previous commit

author: jvoisin 2018-02-26 11:15:09 +0100
committer: jvoisin 2018-02-26 11:15:09 +0100
commit: 384eee9344a50dc35695e4adc22e67a30508ac01 (patch)
tree: 5b3daf3fe751b2981869bb1e4d61a1a76fd180f7 /config/default.rules
parent: b0fb67199808af09d78abc2ebfcdc10b8c45677c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/config/default.rules b/config/default.rules
index 8ac4498..7e3ee53 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -5,7 +5,7 @@ sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").dr
 sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
 # Since it's now burned, me might as well mitigate it publicly
-sp.disable_function.function("putenv").param("setting").value_r("LD_PRELOAD").drop()
+sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 ##Prevent various `include`-related vulnerabilities
 sp.disable_function.function_r("^(?:require|include)_once$").value_r("\\.(?:php|php7|inc|tpl)$").allow();
author	jvoisin	2018-02-26 11:15:09 +0100
committer	jvoisin	2018-02-26 11:15:09 +0100
commit	384eee9344a50dc35695e4adc22e67a30508ac01 (patch)
tree	5b3daf3fe751b2981869bb1e4d61a1a76fd180f7 /config/default.rules
parent	b0fb67199808af09d78abc2ebfcdc10b8c45677c (diff)

diff --git a/config/default.rules b/config/default.rules index 8ac4498..7e3ee53 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -5,7 +5,7 @@ sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").dr
5	sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();	5	sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
6		6
7	# Since it's now burned, me might as well mitigate it publicly	7	# Since it's now burned, me might as well mitigate it publicly
8	sp.disable_function.function("putenv").param("setting").value_r("LD_PRELOAD").drop()	8	sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
9		9
10	##Prevent various `include`-related vulnerabilities	10	##Prevent various `include`-related vulnerabilities
11	sp.disable_function.function_r("^(?:require\|include)_once$").value_r("\\.(?:php\|php7\|inc\|tpl)$").allow();	11	sp.disable_function.function_r("^(?:require\|include)_once$").value_r("\\.(?:php\|php7\|inc\|tpl)$").allow();