From ec67149705739f9c13dc1f5dee335768cab3d7a0 Mon Sep 17 00:00:00 2001
From: WhiteWinterWolf
Date: Sun, 9 May 2021 18:56:38 +0200
Subject: Fix disable function chmod
---
 config/default.rules | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'config/default.rules')
diff --git a/config/default.rules b/config/default.rules
index 74e1edb..ea65e01 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -33,8 +33,9 @@ sp.disable_xxe.enable();
 # https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
 sp.cookie.name("PHPSESSID").samesite("lax");
-# Harden the `chmod` function
-sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
+# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
+sp.disable_function.function("chmod").param("mode").value("438").drop();
+sp.disable_function.function("chmod").param("mode").value("511").drop();
 # Prevent various `mail`-related vulnerabilities
 sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
--
cgit v1.3
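Review bot: The two added rules, `.value("438")` and `.value("511")`, match only the exact modes 0666 and 0777, so a chmod call with any other world-writable mode (for instance 0767, 0776, or 0777 combined with the sticky or setuid bit) is not dropped. That is narrower than the "Harden the chmod function" wording suggests. If exact decimal matching is what this filter supports for an integer `mode`, the comment should say that only these two values are covered, and the deployment can add one `.value()` line per further decimal mode it wants blocked. The comment on the first added line also has an unbalanced parenthesis; `(0777 octal = 511, 0666 octal = 438)` reads cleanly.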