Security Policy: Change in Behavior

Post by magick

We saw a need for improving the security policy behavior. Prior to ImageMagick 7.0.4-7 and 6.9.7-7, any one coder rule that did not grant permission to a particular coder denied the use of that coder. Now rules are processed in order. For example, suppose we want to restrict ImageMagick to only read or write a small subset of proven web-safe image types:

<policy domain="delegate" rights="none" pattern="*" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
Yoya has a detailed blog describing the security policy behavior change @
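
The difference between the two behaviors can be checked with a small model of the rule evaluation. This is an added example, not part of the original post and not ImageMagick's own code: the function names are hypothetical, the `<policymap>` wrapper is added so the three rules parse as one document, and treating "no matching rule" as allowed is an assumption of the model.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# The three rules from the post, wrapped in a root element for parsing.
POLICY_XML = """<policymap>
  <policy domain="delegate" rights="none" pattern="*" />
  <policy domain="coder" rights="none" pattern="*" />
  <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
</policymap>"""

def expand_braces(pattern):
    """Expand {A,B,C} groups into separate glob patterns (no nesting)."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [p for alt in m.group(1).split(",")
            for p in expand_braces(head + alt + tail)]

def matching_rules(xml_text, domain, name):
    """Yield the rights set of each rule in `domain` matching `name`, in file order."""
    for rule in ET.fromstring(xml_text).iter("policy"):
        if rule.get("domain") != domain:
            continue
        patterns = expand_braces(rule.get("pattern", "*"))
        if any(fnmatchcase(name, p) for p in patterns):
            rights = rule.get("rights", "none").lower()
            yield set() if rights == "none" else set(rights.split("|"))

def allowed_ordered(xml_text, domain, name, right):
    """Behavior after the change: rules are processed in order, the last match decides."""
    verdict = True  # assumption: no matching rule means no restriction
    for rights in matching_rules(xml_text, domain, name):
        verdict = right in rights
    return verdict

def allowed_legacy(xml_text, domain, name, right):
    """Behavior before the change: any matching rule that withholds the right denies."""
    return all(right in rights
               for rights in matching_rules(xml_text, domain, name))

if __name__ == "__main__":
    # Constructed sample of coder names to compare both evaluations.
    for coder in ("PNG", "JPEG", "TIFF", "MVG"):
        print(f"{coder:5} ordered={allowed_ordered(POLICY_XML, 'coder', coder, 'read')!s:5} "
              f"legacy={allowed_legacy(POLICY_XML, 'coder', coder, 'read')}")
```

Under the earlier evaluation the `rights="none" pattern="*"` rule blocks every coder, including the four the third rule is meant to permit; with ordered processing only those four remain readable and writable.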