Page 1 of 1

settings in policy.xml on Debian testing

Posted: 2017-04-14T08:44:15-07:00
by chris_blues
Hi!

I just stumbled across, what I believe to be either a bug or some unconstructive preset found in /etc/ImageMagick-6/policy.xml:

Code: Select all

<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map" value="512MiB"/>
  <policy domain="resource" name="width" value="16KP"/>
  <policy domain="resource" name="height" value="16KP"/>
  <policy domain="resource" name="area" value="128MB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
[...]
</policymap>
Is this done in IM also, or is this Debian specific? If it's Debian-only I shall file a bug-report on this!

These settings may make sense for web-servers, on a Desktop-PC this is crap IMHO. Let it fail if it runs out of memory (I still could set "-limit map 32 -limit memory 32"), but keep me from editing big images puts a bad light on sth, that makes IM great.
And if it's intended for web-servers, this makes even less sense! If I wanted to run a web-server I should be able to set the restrictions, according to hardware and expected usage.

Ok, I'll stop ranting, but I just lost an hour of searching the web and trying to figure out, why my scripts don't work anymore!

Cheers
chris

Re: settings in policy.xml on Debian testing

Posted: 2017-04-16T08:03:46-07:00
by magick
ImageMagick does not set any security policies other than a shared-secret as discussed @ https://www.imagemagick.org/script/security-policy.php. You can of course discuss the default settings with your Linux OS distribution maintainers or modify the settings if you have administrative access to your host computer.

Re: settings in policy.xml on Debian testing

Posted: 2017-04-19T12:55:05-07:00
by chris_blues
Thanks for your reply!

So I'll have to take it up with Debian...

Cheers
chris