Fix rule 9001

4f499d0118fc · jfp · 5cbf37fbfc7c · 4f499d01
Commit 4f499d0118fc authored 2 years ago by jfp
--- a/secrules/rules09.py
+++ b/secrules/rules09.py
@@ -19,6 +19,11 @@
    can allow unauthorized users to modify their own or another user's execution
    environment."""
+    ebit = 0x4
+    wbit = 0x2
+    dbit = 0x8
+    rbit = 0x1
    if not fmt:
        print(file=fo)
        print('RULE 0901', file=fo)
@@ -37,12 +42,8 @@
            )[2][
                ossdef.OSS__PROTECTION
            ]   # type: ignore
-            if not (
+            wprot = (prot & 0xF000) >> 12
-                (prot & 0x8000)
+            if (wprot & wbit) == 0 or (wprot & dbit) == 0:
-                and (prot & 0x4000)
-                and (prot & 0x2000)
-                and (prot & 0x1000)
-            ):
                if fmt:
                    print('0901"2"', fn, file=fo)
                else:
@@ -60,7 +61,9 @@
    During checking of the listed files for non-privileged access, either:
    1) An attempt to open the files to check for other called procedures resulted
-    in an open failure,  -OR- 2) The listed command procedures reference other
+    in an open failure,
+    -OR-
+    2) The listed command procedures reference other
    command procedures which were not found.  If a file was required and deleted,
    a user could create a file with the same name.  This file then would run with
    privileged access allowing a user to gain unauthorized system access."""