| -rw-r--r-- | config/default.rules | 7 |
1 files changed, 7 insertions, 0 deletions
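--- a/config/default.rules
+++ b/config/default.rules
@@ -42,6 +42,13 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
 # Since it's now burned, me might as well mitigate it publicly
 sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 
+# This is also burned:
+# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
+# Since we have no way of matching on two parameters at the same time, we're
+# blocking calls to open_basedir altogether: nobody is using it via ini_set anyway.
+# Moreover, there are non-public bypasses that are also using this vector ;)
+sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()
+
 ##Prevent various `include`-related vulnerabilities
 sp.disable_function.function("require_once").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("include_once").value_r("\.(inc|phtml|php)$").allow();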
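Review bot: The new rule on line 50 matches only the function name `ini_set`, but PHP also exposes `ini_alter` as a documented alias with the same parameters, so the same open_basedir relaxation remains reachable through the alias unless Snuffleupagus already resolves aliases (I cannot tell from this file). Adding the parallel line `sp.disable_function.function("ini_alter").param("varname").value_r("open_basedir").drop()` closes that gap at no cost. Since this is a shipped default and `.drop()` also rejects legitimate runtime tightening of open_basedir, the comment block should state how a deployment that does need it can override the rule, rather than only asserting that nobody uses it. A minor style point: the neighbouring rules on lines 53-54 end with `;` while the new line and line 43 do not; either convention is fine but the file should pick one.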
