settings in policy.xml on Debian testing

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
chris_blues
Posts: 10
Joined: 2016-06-27T12:56:11-07:00
Authentication code: 1151

settings in policy.xml on Debian testing

Post by chris_blues » 2017-04-14T08:44:15-07:00

Hi!

I just stumbled across, what I believe to be either a bug or some unconstructive preset found in /etc/ImageMagick-6/policy.xml:

Code: Select all

<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map" value="512MiB"/>
  <policy domain="resource" name="width" value="16KP"/>
  <policy domain="resource" name="height" value="16KP"/>
  <policy domain="resource" name="area" value="128MB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
[...]
</policymap>
Is this done in IM also, or is this Debian specific? If it's Debian-only I shall file a bug-report on this!

These settings may make sense for web-servers, on a Desktop-PC this is crap IMHO. Let it fail if it runs out of memory (I still could set "-limit map 32 -limit memory 32"), but keep me from editing big images puts a bad light on sth, that makes IM great.
And if it's intended for web-servers, this makes even less sense! If I wanted to run a web-server I should be able to set the restrictions, according to hardware and expected usage.

Ok, I'll stop ranting, but I just lost an hour of searching the web and trying to figure out, why my scripts don't work anymore!

Cheers
chris

User avatar
magick
Site Admin
Posts: 11043
Joined: 2003-05-31T11:32:55-07:00

Re: settings in policy.xml on Debian testing

Post by magick » 2017-04-16T08:03:46-07:00

ImageMagick does not set any security policies other than a shared-secret as discussed @ https://www.imagemagick.org/script/security-policy.php. You can of course discuss the default settings with your Linux OS distribution maintainers or modify the settings if you have administrative access to your host computer.

chris_blues
Posts: 10
Joined: 2016-06-27T12:56:11-07:00
Authentication code: 1151

Re: settings in policy.xml on Debian testing

Post by chris_blues » 2017-04-19T12:55:05-07:00

Thanks for your reply!

So I'll have to take it up with Debian...

Cheers
chris

Post Reply