Lines Matching full:policy
10 <title>ImageMagick - Security Policy</title>
15 <meta name="keywords" content="security, policy, image processing software" />
32 <link href="../www/security-policy.html" rel="canonical" />
94 <h1 class="text-center">Security Policy</h1>
95 …policy.html#policy">Security Policy </a> • <a href="security-policy.html#synchronize">Pixel Cache …
98 …y <a href="https://imagemagick.org/source/policy.xml">policy</a> that suits your local environment…
100 …by adjusting the security policy per the requirements of your local environment or organizational …
102 …policy.xml">policy.xml</a> configuration file. You might wonder why ImageMagick does not already i…
106 <policy domain="resource" name="temporary-path" value="/data/magick"/>
107 <policy domain="resource" name="memory" value="256MiB"/>
108 <policy domain="resource" name="list-length" value="32"/>
109 <policy domain="resource" name="width" value="8KP"/>
110 <policy domain="resource" name="height" value="8KP"/>
111 <policy domain="resource" name="map" value="512MiB"/>
112 <policy domain="resource" name="area" value="16KP"/>
113 <policy domain="resource" name="disk" value="1GiB"/>
114 <policy domain="resource" name="file" value="768"/>
115 <policy domain="resource" name="thread" value="2"/>
116 <policy domain="resource" name="time" value="120"/>
117 <policy domain="coder" rights="write" pattern="{HTTP,HTTPS,MSVG,MVG,PS,EPS,PDF,XPS}" />
118 <policy domain="filter" rights="none" pattern="*" />
119 <policy domain="path" rights="none" pattern="@*"/> <!-- indirect reads not permitted -->
120 <policy domain="cache" name="memory-map" value="anonymous"/>
121 <policy domain="cache" name="synchronize" value="true"/>
122 <policy domain="cache" name="shared-secret" value="<em>passphrase</em>" stealth="True"/>
123 <policy domain="system" name="precision" value="6"/>
124 <policy domain="system" name="shred" value="1"/>
127 …policy, large images are cached to disk. If the image is too large and exceeds the pixel cache dis…
129 <p>Policy patterns are <em>case sensitive</em>. To get expected behavior, coders and modules must …
134 convert: attempt to perform an operation not allowed by the security policy `HTTPS'
139 <pre class="highlight"><code><policy domain="delegate" rights="none" pattern="*" />
140 <policy domain="module" rights="none" pattern="*" />
141 <policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" /></code></pre>
144 <pre class="highlight"><code><policy domain="module" rights="write" pattern="{PDF,PS,PS2,PS3,XPS…
147 <pre class="highlight"><code><policy domain="system" name="memory-map" value="anonymous"/>
148 <policy domain="cache" name="memory-map" value="anonymous"/>
149 <policy domain="system" name="shred" value="1"/></code></pre>
151 …location is instead memory-mapped on disk. Here we limit the maximum memory request by policy:</p>
152 <pre class="highlight"><code><policy domain="system" name="max-memory-request" value="256MiB"/> …
155 <pre class="highlight"><code><policy domain="resource" name="list-length" value="64"/></code></p…
157 <p>For additional details about resource limits and the policy configuration file, read <a href="..…
159 <p>As of ImageMagick 7.0.6-0, you can programmatically set the ImageMagick security policy with Set…
161 <p>As of ImageMagick version 7.0.8-11, you can set a module security policy. For example, to preve…
162 <pre class="highlight"><code><policy domain="module" rights="none" pattern="{ps,pdf,xps}/></code…
164 <p>As of ImageMagick version 7.0-10-52, you can set a font policy. Specify a path to a Unicode fon…
165 <pre class="highlight"><code><policy domain="system" name="font" value="/usr/share/fonts/arial-u…
167 <p>You can verify your policy changes are in effect with this command:</p>
169 <pre class="pre-scrollable highlight">-> identify -list policy
170 Path: ImageMagick-7/policy.xml
171 Policy: Cache
174 Policy: Cache
177 Policy: Resource
180 Policy: Resource
183 Policy: Resource
186 Policy: Resource
189 Policy: Resource
192 Policy: Resource
195 Policy: Resource
198 Policy: Resource
201 Policy: Resource
204 Policy: Resource
207 Policy: Resource
210 Policy: System
213 Policy: Coder
216 Policy: Filter
219 Policy: Path
222 Policy: System
227 Policy: Undefined
229 <p>Notice the <code>shared-secret</code> policy is not listed due to the <code>stealth</code> prope…
231 <h2><a class="anchor" id="synchronize"></a>Pixel Cache Synchronize Policy</h2>
233 … signal which prevents ImageMagick from continuing. To prevent a SIGBUS, use this security policy:
236 <policy domain="cache" name="synchronize" value="True"/>
241 <h2><a class="anchor" id="zero-configuration"></a>Zero Configuration Security Policy</h2>
243 …policy, you must instead edit the <code>MagickCore/policy-private.h</code> source module, add your…
248 <policy domain=\"coder\" rights=\"none\" pattern=\"MVG\"/> \
256 <p>In addition to the security policy, you can make ImageMagick safer by ...</p>
263 …gick temporary files by setting the <code>temporary-path</code> security policy or the <code>-defi…
271 <a href="security-policy.html">Security</a> •
274 …<a href="security-policy.html#"><img class="d-inline" id="wand" alt="And Now a Touch of Magick" wi…