Summary: | graphics/ImageMagick6-nox11: policy.xml still needed? | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Pascal Christen <pascal.christen> |
Component: | Individual Port(s) | Assignee: | freebsd-desktop (Team) <desktop> |
Status: | Closed Not A Bug | ||
Severity: | Affects Many People | CC: | adridg, diizzy |
Priority: | --- | Flags: | pascal.christen:
maintainer-feedback-
pascal.christen: maintainer-feedback- |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Pascal Christen
2019-02-28 14:26:34 UTC
Do we have a good reason for this now? See https://stackoverflow.com/questions/52703123/override-default-imagemagick-policy-xml Since the patched `policy.xml` is installed as a sample file, it doesn't matter much. However, the *un*patched policy file does a poor job of showing what kinds of policies / restrictions one might want to put in place. For that matter, so does the documentation at https://legacy.imagemagick.org/script/security-policy.php . So overall: we have a sample file that shows what might make sense if you're exposing ImageMagic to untrusted remote users: don't decode from https, .. don't support format MVG or MSL, whatever those are. The patch doesn't hurt, and might help a little. |