ImageMagick Policy Configuration

Post by magick » 2014-12-29T15:36:57-07:00

ImageMagick includes a policy configuration file, policy.xml. It is useful for limiting the resources consumed by ImageMagick and can help prevent a denial-of-service or other exploits. As an example, suppose you download an image from the internet and, unbeknownst to you, it's been crafted to generate a 20000 by 20000 pixel image. ImageMagick will attempt to allocate enough resources (memory, disk) and your system will likely deny the resource request and exit. However, it's also possible that your computer might temporarily be unavailable or ImageMagick may abort. To prevent such a scenario, you can set limits in the policy.xml configuration file. You may ask why ImageMagick does not already include reasonable limits? Simply because what is reasonable in your environment might not be reasonable to someone else. We, for example, have access to a host with 1TB of memory whereas you may be running ImageMagick on an iPhone. If you utilize ImageMagick from a public website, you may want to increase security by preventing usage of the MVG or HTTPS coders. Only you can decide what are reasonable limits, taking into consideration your environment. We provide this policy with reasonable limits and encourage you to use it as a template for your own policy:

<policymap>
  <policy domain="resource" name="temporary-path" value="/tmp"/>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map" value="512MiB"/>
  <policy domain="resource" name="width" value="8KP"/>
  <policy domain="resource" name="height" value="8KP"/>
  <policy domain="resource" name="area" value="128MB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
  <policy domain="resource" name="file" value="768"/>
  <policy domain="resource" name="thread" value="2"/>
  <policy domain="resource" name="throttle" value="0"/>
  <policy domain="resource" name="time" value="120"/>
  <policy domain="system" name="precision" value="6"/>
  <policy domain="cache" name="shared-secret" stealth="true" value="replace with your secret phrase"/>
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="delegate" rights="none" pattern="HTTPS" />  <!--  prevent 'curl' program from reading HTTPS URL's -->
  <policy domain="path" rights="none" pattern="@*"/>  <!-- indirect reads not permitted -->
</policymap>

Since we process multiple simultaneous sessions, we do not want any one session consuming all the available memory. With this policy, large images are cached to disk. If the image is too large and exceeds the pixel cache disk limit, the program exits. In addition, we place a time limit to prevent any run-away processing tasks. If any one image has a width or height that exceeds 8192 pixels, an exception is thrown and processing stops. As of ImageMagick 7.0.1-8 and 6.9.4-6, you can prevent the use of any delegate or all delegates (set the pattern to "*"). Note, prior to these releases, use a domain of "coder" to prevent delegate usage (e.g. domain="coder" rights="none" pattern="HTTPS"). The policy also prevents indirect reads. If you want to, for example, read text from a file (e.g. caption:@myCaption.txt), you'll need to remove this policy.

You can verify your policy changes are in effect with this command:

-> identify -list policy
Path: policy.xml
  Policy: Resource
    name: time
    value: 120
  Policy: Resource
    name: throttle
    value: 0
  Policy: Resource
    name: thread
    value: 2
  Policy: Resource
    name: file
    value: 768
  Policy: Resource
    name: disk
    value: 1GiB
  Policy: Resource
    name: map
    value: 512MiB
  Policy: Resource
    name: memory
    value: 256MiB
  Policy: Resource
    name: area
    value: 128MB
  Policy: Resource
    name: height
    value: 8KP
  Policy: Resource
    name: width
    value: 8KP
  Policy: Resource
    name: temporary-path
    value: /tmp
  Policy: System
    name: precision
    value: 6
  Policy: Coder
    rights: None 
    pattern: MVG
  Policy: Delegate
    rights: None 
    pattern: HTTPS

Path: [built-in]
  Policy: Undefined
    rights: None 

For additional details about resource limits and the policy configuration file, read https://www.imagemagick.org/script/security-policy.php, https://www.imagemagick.org/script/resources.php, and https://www.imagemagick.org/script/arch ... .php#cache.
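
The following is an added example, not part of the original post and not ImageMagick's own tooling: a small Python audit that compares a policy.xml against the template above and reports which resource limits or deny rules are missing. The names `audit_policy`, `REQUIRED_LIMITS`, `REQUIRED_DENIES` and the sample policy are hypothetical, and the check assumes exact pattern strings (it does not expand glob patterns).

```python
import xml.etree.ElementTree as ET

# Limits and deny rules taken from the template policy in the post above.
REQUIRED_LIMITS = ("memory", "map", "width", "height", "area", "disk", "time")
REQUIRED_DENIES = (("coder", "MVG"), ("delegate", "HTTPS"), ("path", "@*"))
PLACEHOLDER_SECRET = "replace with your secret phrase"

def audit_policy(xml_text):
    """Return a list of findings; an empty list means the template's rules are present."""
    limits, denies, findings = set(), set(), []
    for p in ET.fromstring(xml_text).iter("policy"):
        domain = p.get("domain", "").lower()
        if domain == "resource" and p.get("value"):
            limits.add(p.get("name", "").lower())
        elif p.get("rights", "").lower() == "none":
            denies.add((domain, p.get("pattern", "")))
        elif domain == "cache" and p.get("name") == "shared-secret":
            if p.get("value") == PLACEHOLDER_SECRET:
                findings.append("cache shared-secret still holds the template placeholder")
    for name in REQUIRED_LIMITS:
        if name not in limits:
            findings.append(f"no resource limit set for '{name}'")
    for domain, pattern in REQUIRED_DENIES:
        if (domain, pattern) in denies or (domain, "*") in denies:
            continue
        # Before 7.0.1-8 / 6.9.4-6, delegates were blocked through the coder domain.
        if domain == "delegate" and ("coder", pattern) in denies:
            continue
        findings.append(f"{domain} '{pattern}' is not denied (rights=none)")
    return findings

# Constructed sample: no time limit, no MVG rule, old-style HTTPS block, default secret.
SAMPLE = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map" value="512MiB"/>
  <policy domain="resource" name="width" value="8KP"/>
  <policy domain="resource" name="height" value="8KP"/>
  <policy domain="resource" name="area" value="128MB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
  <policy domain="cache" name="shared-secret" stealth="true" value="replace with your secret phrase"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="path" rights="none" pattern="@*"/>
</policymap>"""

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print("FINDING:", finding)
```

This only inspects the file's contents; `identify -list policy` remains the way to confirm which policy ImageMagick actually loaded.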
