tech-pkg archive


Re: Imagemagick policy



On Thu, 19 Oct 2023 15:28:48 +0200,
Thomas Klausner <wiz%gatalith.at@localhost> wrote:

> I think since ImageMagick now delivers four to choose from, admins can
> easily deploy the one they want, and we should switch back to the
> default (in this case, open) policy to match what upstream provides.

+1

I was annoyed by the knee-jerk change in Linux distros that disabled
_writing_ of PS/PDF from image files, never understood which exploit
that was supposed to stop. That being said: I think the open policy is
sensible. The software has functionality. Some of it might not be safe in
some contexts, but you should take care in those contexts or not
install the software at all.

I understand secure-by-default being a thing. But an imagemagick
install in all user contexts with disabled formats is the wrong
approach, IMHO.


Regards,

Thomas

-- 
Dr. Thomas Orgis
HPC @ Universität Hamburg

