[Bug 236109] graphics/ImageMagick6-nox11: policy.xml still needed?

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 25 Jan 2022 00:09:47 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236109

Adriaan de Groot <adridg@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adridg@freebsd.org
         Resolution|---                         |Not A Bug
             Status|New                         |Closed

--- Comment #2 from Adriaan de Groot <adridg@freebsd.org> ---
Since the patched `policy.xml` is installed as a sample file, it doesn't matter
much. However, the *un*patched policy file does a poor job of showing what
kinds of policies / restrictions one might want to put in place. For that
matter, so does the documentation at
https://legacy.imagemagick.org/script/security-policy.php .

So overall: we have a sample file that shows what might make sense if you're
exposing ImageMagic to untrusted remote users: don't decode from https, ..
don't support format MVG or MSL, whatever those are. The patch doesn't hurt,
and might help a little.

-- 
You are receiving this mail because:
You are the assignee for the bug.