From ec67149705739f9c13dc1f5dee335768cab3d7a0 Mon Sep 17 00:00:00 2001
From: WhiteWinterWolf
Date: Sun, 9 May 2021 18:56:38 +0200
Subject: Fix disable function chmod

---
 config/default_php8.rules | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'config/default_php8.rules')

diff --git a/config/default_php8.rules b/config/default_php8.rules
index 893bfbc..c024176 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -34,8 +34,9 @@ sp.disable_xxe.enable();
 # https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
 sp.cookie.name("PHPSESSID").samesite("lax");
 
-# Harden the `chmod` function
-sp.disable_function.function("chmod").param("permissions").value_r("^[0-9]{2}[67]$").drop();
+# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
+sp.disable_function.function("chmod").param("permissions").value("438").drop();
+sp.disable_function.function("chmod").param("permissions").value("511").drop();
 
 # Prevent various `mail`-related vulnerabilities
 sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
-- 
cgit v1.3