diff options
Diffstat (limited to 'source/l/imagemagick/policy.xml.diff')
| -rw-r--r-- | source/l/imagemagick/policy.xml.diff | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/source/l/imagemagick/policy.xml.diff b/source/l/imagemagick/policy.xml.diff new file mode 100644 index 000000000..04b3a105e --- /dev/null +++ b/source/l/imagemagick/policy.xml.diff @@ -0,0 +1,30 @@ +--- ./config/policy.xml.orig 2017-07-15 12:33:46.000000000 -0500 ++++ ./config/policy.xml 2017-07-17 20:14:07.785459021 -0500 +@@ -55,6 +55,21 @@ + <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" /> + --> + <policymap> ++ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> ++ <!-- SECURITY: disable potentially insecure coders: --> ++ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++ <policy domain="coder" rights="none" pattern="HTTPS" /> ++ <policy domain="coder" rights="none" pattern="MVG" /> ++ <policy domain="coder" rights="none" pattern="MSL" /> ++ <policy domain="coder" rights="none" pattern="TEXT" /> ++ <policy domain="coder" rights="none" pattern="SHOW" /> ++ <policy domain="coder" rights="none" pattern="WIN" /> ++ <policy domain="coder" rights="none" pattern="PLT" /> ++ <!-- SECURITY: prevent indirect reads: --> ++ <policy domain="path" rights="none" pattern="@*" /> ++ <!-- SECURITY: prevent pipe to shell: --> ++ <policy domain="path" rights="none" pattern="|*" /> ++ <!-- Some examples: --> + <!-- <policy domain="system" name="shred" value="2"/> --> + <!-- <policy domain="system" name="precision" value="6"/> --> + <!-- <policy domain="system" name="memory-map" value="anonymous"/> --> +@@ -75,5 +90,4 @@ + <!-- <policy domain="path" rights="none" pattern="@*" /> --> + <!-- <policy domain="cache" name="memory-map" value="anonymous"/> --> + <!-- <policy domain="cache" name="synchronize" value="True"/> --> +- <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> --> + </policymap> |