Add another burned vuln to the php7 rules

author: Julien Voisin 2023-02-16 11:35:19 +0100
committer: GitHub 2023-02-16 11:35:19 +0100
commit: b5fd2a9ec46260e55ffd49aa68b2d0d4f9828707 (patch)
tree: 94385c57bb12962f69d2c2f1fcab4781aeb45166 /config
parent: aa6380abe6f85443841baf708a1d28f474d5f6c8 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/config/default.rules b/config/default.rules
index 232197a..2fa77d5 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -44,6 +44,7 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
 # Since it's now burned, me might as well mitigate it publicly
 sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
+sp.disable_function.function("putenv").param("setting").value("PATH").drop()
 # This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80
 sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()
author	Julien Voisin	2023-02-16 11:35:19 +0100
committer	GitHub	2023-02-16 11:35:19 +0100
commit	b5fd2a9ec46260e55ffd49aa68b2d0d4f9828707 (patch)
tree	94385c57bb12962f69d2c2f1fcab4781aeb45166 /config
parent	aa6380abe6f85443841baf708a1d28f474d5f6c8 (diff)

diff --git a/config/default.rules b/config/default.rules index 232197a..2fa77d5 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -44,6 +44,7 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
44		44
45	# Since it's now burned, me might as well mitigate it publicly	45	# Since it's now burned, me might as well mitigate it publicly
46	sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()	46	sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
		47	sp.disable_function.function("putenv").param("setting").value("PATH").drop()
47		48
48	# This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80	49	# This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80
49	sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()	50	sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()