Page 1 of 1

Security Policy: Change in Behavior

Posted: 2017-02-09T17:06:20-07:00
by magick
We saw a need for improving the security policy behavior. Prior to ImageMagick 7.0.4-7 and 6.9.7-7, any one coder rule that did not grant permission to a particular coder, denied the use of that coder. Now rules are processed in order. For example, suppose we want to restrict ImageMagick to only read or write a small subset of proven web-safe image types:

Code: Select all

<policy domain="delegate" rights="none" pattern="*" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
Yoya has a detailed blog describing the security policy behavior change @ https://blog.awm.jp/2017/02/09/imagemagick-en/.