Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Questions and postings pertaining to the development of ImageMagick, feature enhancements, and ImageMagick internals. ImageMagick source code and algorithms are discussed here. Usage questions which are too arcane for the normal user list should also be posted here.
Post Reply
vinc
Posts: 2
Joined: 2016-06-01T19:36:34-07:00
Authentication code: 1151

Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Post by vinc » 2016-06-01T19:55:40-07:00

There is no policy.xml on RHEL5 instances.

vinc
Posts: 2
Joined: 2016-06-01T19:36:34-07:00
Authentication code: 1151

Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Post by vinc » 2016-06-01T19:57:01-07:00

Is there any other configuration file to modify like delegates.xml https://www.imagemagick.org/discourse-s ... 4&start=15

User avatar
fmw42
Posts: 25142
Joined: 2007-07-02T17:14:51-07:00
Authentication code: 1152
Location: Sunnyvale, California, USA

Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Post by fmw42 » 2016-06-01T19:57:30-07:00

Afew posts below yours is viewtopic.php?f=2&t=29614

EDIT: you found it as I was posting. Sorry I do not know more.

User avatar
magick
Site Admin
Posts: 10996
Joined: 2003-05-31T11:32:55-07:00

Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Post by magick » 2016-06-02T03:58:20-07:00

Its likely that Redhat will issue an update soon that disables popen(). Until then, your options are to build the latest release from source, sanitize any 'convert' commands, or sandbox ImageMagick.

Post Reply