Bug 236109 - graphics/ImageMagick6-nox11: policy.xml still needed?
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-desktop (Team)
Reported: 2019-02-28 14:26 UTC by Pascal Christen
Modified: 2022-01-25 00:09 UTC
pascal.christen: maintainer-feedback-
Description Pascal Christen 2019-02-28 14:26:34 UTC
Hi

Why do we still need the policy.xml? Isn't ImageMagick patched for the need of this policy?

Greetings
Pascal

https://svnweb.freebsd.org/ports/head/graphics/ImageMagick6/files/patch-config_policy.xml?annotate=484640
Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2021-12-08 19:42:57 UTC
Do we have a good reason for this now?
See https://stackoverflow.com/questions/52703123/override-default-imagemagick-policy-xml
Comment 2 Adriaan de Groot freebsd_committer freebsd_triage 2022-01-25 00:09:47 UTC
Since the patched `policy.xml` is installed as a sample file, it doesn't matter much. However, the *un*patched policy file does a poor job of showing what kinds of policies / restrictions one might want to put in place. For that matter, so does the documentation at https://legacy.imagemagick.org/script/security-policy.php .

So overall: we have a sample file that shows what might make sense if you're exposing ImageMagick to untrusted remote users: don't decode from https, .. don't support format MVG or MSL, whatever those are. The patch doesn't hurt, and might help a little.
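
Because the port installs the patched file only as a sample, the policy actually in effect on a host may lack the restrictions mentioned above. The following check is an added example, not part of the bug thread, the FreeBSD port or ImageMagick: it parses a `policy.xml` and reports which of the coders named in Comment 2 (HTTPS, MVG, MSL) have no active `rights="none"` entry. The function names and the sample policy are constructed for illustration, and the check assumes a simple reading of the file: it does not model how ImageMagick resolves overlapping entries.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders named in Comment 2 of the bug.
CODERS = ("HTTPS", "MVG", "MSL")

# Constructed sample, NOT the port's patched file. The HTTPS entry is
# commented out, so it is not an active restriction.
SAMPLE_POLICY = """<policymap>
  <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> -->
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{MVG,MSL}" />
</policymap>
"""

def expand(pattern):
    """Split a {A,B} alternation into separate glob patterns."""
    if pattern.startswith("{") and pattern.endswith("}"):
        return [p.strip() for p in pattern[1:-1].split(",")]
    return [pattern]

def denied_coders(policy_xml, coders=CODERS):
    """Return the coders matched by an active rights="none" entry."""
    root = ET.fromstring(policy_xml)  # XML comments are dropped by the parser
    denied = set()
    for entry in root.iter("policy"):
        if entry.get("domain", "").lower() not in ("coder", "delegate"):
            continue
        if entry.get("rights", "").lower() != "none":
            continue
        for glob in expand(entry.get("pattern", "")):
            denied.update(c for c in coders
                          if fnmatch.fnmatchcase(c, glob.upper()))
    return denied

def missing_restrictions(policy_xml, coders=CODERS):
    """Coders with no active deny entry, sorted for stable reporting."""
    return sorted(set(coders) - denied_coders(policy_xml, coders))

if __name__ == "__main__":
    for coder in missing_restrictions(SAMPLE_POLICY):
        print(f"no active deny entry for coder {coder}")
```

To audit a real installation, pass the contents of the `policy.xml` that ImageMagick actually loads; `convert -list policy` (or `magick -list policy`) shows the path it reads.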