Security Policy Enhancement: Zero Pixel Initialization

Post by magick » 2017-05-21T06:09:09-07:00

As of ImageMagick 7.0.5-5 and 6.9.8-4, you can allocate the pixel cache and some internal buffers with anonymous memory mapping rather than from the heap. As a consequence, the pixels and certain internal buffers are initialized to zero. You can also securely delete any temporary files for increased security. The shred value is the number of times to shred a temporary file (replace its content with random data before deleting it). As an example, add this to your policy.xml configuration file:

<policy domain="system" name="memory-map" value="anonymous"/>
<policy domain="cache" name="memory-map" value="anonymous"/>
<policy domain="system" name="shred" value="1"/>

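An added example, not part of the original post and not ImageMagick's own code: a Python check that a deployed policy.xml actually carries the three settings above. The `audit_policy` name and the sample document are constructed for illustration; a commented-out entry is reported as missing, because an XML comment is not an active policy.

```python
import xml.etree.ElementTree as ET

# The three settings from the post: (domain, name) -> acceptance check on value.
REQUIRED = {
    ("system", "memory-map"): lambda v: v == "anonymous",
    ("cache", "memory-map"): lambda v: v == "anonymous",
    ("system", "shred"): lambda v: v.isdecimal() and int(v) >= 1,
}

def audit_policy(xml_text):
    """Return {(domain, name): status}; status is 'ok', 'missing' or 'bad value: ...'."""
    root = ET.fromstring(xml_text)
    # ElementTree discards XML comments while parsing, so <policy> lines that
    # are commented out never appear here and end up reported as missing.
    seen = {}
    for el in root.iter("policy"):
        key = (el.get("domain", ""), el.get("name", ""))
        if key in REQUIRED:
            seen.setdefault(key, []).append(el.get("value", ""))
    report = {}
    for key, accept in REQUIRED.items():
        values = seen.get(key)
        if not values:
            report[key] = "missing"
        elif all(accept(v) for v in values):
            report[key] = "ok"
        else:
            # Every occurrence must pass; a conflicting duplicate is flagged.
            report[key] = "bad value: " + ", ".join(repr(v) for v in values)
    return report

# Constructed sample: one setting present, one commented out, one with a
# shred count of 0 (no overwrite passes requested).
SAMPLE = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="system" name="memory-map" value="anonymous"/>
  <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
  <policy domain="system" name="shred" value="0"/>
</policymap>"""

if __name__ == "__main__":
    for (domain, name), status in audit_policy(SAMPLE).items():
        print(f"{domain}/{name}: {status}")
```

To audit a real installation, pass the contents of its policy.xml to `audit_policy` instead of `SAMPLE`.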