Re: Imagemagick policy

To: Thomas Klausner <wiz%gatalith.at@localhost>
Subject: Re: Imagemagick policy
From: "Dr. Thomas Orgis" <thomas.orgis%uni-hamburg.de@localhost>
Date: Thu, 19 Oct 2023 14:03:11 +0000

Am Thu, 19 Oct 2023 15:28:48 +0200
schrieb Thomas Klausner <wiz%gatalith.at@localhost>:

> I think since ImageMagick now delivers four to choose from, admins can
> easily deploy the one the want, and we should switch back to the
> default (in this case, open) policy to match what upstream provides.

+1

I was annoyed by the knee-jerk change in Linux distros that disabled
_writing_ of PS/PDF from image files, never understood which exploit
that was supposed to stop. That being said: I think the open policy is
sensible. The software has functionality. So of it might not be safe in
some contexts, but you should take care in those contexts or not
install the software at all.

I understand secure-by-default being a thing. But an imagemagick
install in all user contexts with disabled formats is the wrong
approach, IMHO.


Regards,

Thomas

-- 
Dr. Thomas Orgis
HPC @ Universität Hamburg

References:
- Imagemagick policy
  - From: Thomas Klausner

Prev by Date: Imagemagick policy
Next by Date: HP UX 11.31 Variable OS_VERSION is recursive
Previous by Thread: Imagemagick policy
Next by Thread: Re: Imagemagick policy
Indexes:

Home | Main Index | Thread Index | Old Index