aboutsummaryrefslogtreecommitdiff
path: root/usr/pkg/etc
diff options
context:
space:
mode:
authorJohn Ankarström <john@ankarstrom.se>2021-06-29 13:28:19 +0200
committerJohn Ankarström <john@ankarstrom.se>2021-06-29 13:28:51 +0200
commit70fcbed09f6882cbed71039db90377dfbc40081e (patch)
tree503db898bc828ddd8568b725b94500669263f8bb /usr/pkg/etc
parent0d51505700c8d0f2a093f1050d8664377aa1b82d (diff)
downloadlbsd-70fcbed09f6882cbed71039db90377dfbc40081e.tar.gz
Add /usr/pkg/etc/ImageMagick-7/policy.xml
Diffstat (limited to 'usr/pkg/etc')
-rw-r--r--usr/pkg/etc/ImageMagick-7/policy.xml94
1 files changed, 94 insertions, 0 deletions
diff --git a/usr/pkg/etc/ImageMagick-7/policy.xml b/usr/pkg/etc/ImageMagick-7/policy.xml
new file mode 100644
index 0000000..69c324f
--- /dev/null
+++ b/usr/pkg/etc/ImageMagick-7/policy.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+ <!ELEMENT policymap (policy)*>
+ <!ATTLIST policymap xmlns CDATA #FIXED ''>
+ <!ELEMENT policy EMPTY>
+ <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
+ name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
+ stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
+]>
+<!--
+ Configure ImageMagick policies.
+
+ Domains include system, delegate, coder, filter, path, or resource.
+
+ Rights include none, read, write, execute and all. Use | to combine them,
+ for example: "read | write" to permit read from, or write to, a path.
+
+ Use a glob expression as a pattern.
+
+ Suppose we do not want users to process MPEG video images:
+
+ <policy domain="delegate" rights="none" pattern="mpeg:decode" />
+
+ Here we do not want users reading images from HTTP:
+
+ <policy domain="coder" rights="none" pattern="HTTP" />
+
+ The /repository file system is restricted to read only. We use a glob
+ expression to match all paths that start with /repository:
+
+ <policy domain="path" rights="read" pattern="/repository/*" />
+
+ Lets prevent users from executing any image filters:
+
+ <policy domain="filter" rights="none" pattern="*" />
+
+ Any large image is cached to disk rather than memory:
+
+ <policy domain="resource" name="area" value="1GP"/>
+
+ Use the default system font unless overwridden by the application:
+
+ <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
+
+ Define arguments for the memory, map, area, width, height and disk resources
+ with SI prefixes (.e.g 100MB). In addition, resource policies are maximums
+ for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
+ exceeds policy maximum so memory limit is 1GB).
+
+ Rules are processed in order. Here we want to restrict ImageMagick to only
+ read or write a small subset of proven web-safe image types:
+
+ <policy domain="delegate" rights="none" pattern="*" />
+ <policy domain="filter" rights="none" pattern="*" />
+ <policy domain="coder" rights="none" pattern="*" />
+ <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
+-->
+<policymap>
+ <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
+ <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
+ <!-- <policy domain="resource" name="map" value="4GiB"/> -->
+ <!-- <policy domain="resource" name="width" value="10KP"/> -->
+ <!-- <policy domain="resource" name="height" value="10KP"/> -->
+ <!-- <policy domain="resource" name="list-length" value="128"/> -->
+ <!-- <policy domain="resource" name="area" value="100MP"/> -->
+ <!-- <policy domain="resource" name="disk" value="16EiB"/> -->
+ <!-- <policy domain="resource" name="file" value="768"/> -->
+ <!-- <policy domain="resource" name="thread" value="4"/> -->
+ <!-- <policy domain="resource" name="throttle" value="0"/> -->
+ <!-- <policy domain="resource" name="time" value="3600"/> -->
+ <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
+ <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
+ <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
+ <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+ <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
+ <!-- <policy domain="cache" name="synchronize" value="True"/> -->
+ <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
+ <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
+
+ <!--
+ -- Disable ghostscript coders as suggested by VU#332928
+ -- <https://www.kb.cert.org/vuls/id/332928>
+ -->
+ <policy domain="coder" rights="none" pattern="PS" />
+ <policy domain="coder" rights="none" pattern="PS2" />
+ <policy domain="coder" rights="none" pattern="PS3" />
+ <policy domain="coder" rights="none" pattern="EPS" />
+ <policy domain="coder" rights="none" pattern="PDF" />
+ <policy domain="coder" rights="none" pattern="XPS" />
+
+ <!-- <policy domain="system" name="shred" value="2"/> -->
+ <!-- <policy domain="system" name="precision" value="6"/> -->
+ <!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> -->
+</policymap>