averello/ImageMagick-mirror
1
0
Fork 0
mirror of https://github.com/ImageMagick/ImageMagick.git synced 2026-05-31 11:18:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

protect against relative paths

Browse Source
This commit is contained in:
Cristy
2026-02-05 08:04:10 -05:00
parent b3357d6e2b
commit 30fa8ba8cf
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/policy-secure.xml
+2
View File
@@ -93,6 +93,8 @@
<policy domain="path" rights="none" pattern="fd:*"/>
<!-- don't read sensitive paths. -->
<policy domain="path" rights="none" pattern="/etc/*"/>
<!-- Relative paths are not permitted. -->
<policy domain="path" rights="none" pattern="\.\.\/"/>
<!-- Indirect reads are not permitted. -->
<policy domain="path" rights="none" pattern="@*"/>
<!-- These image types are security risks on read, but write is fine -->
config/policy-websafe.xml
+2
View File
@@ -89,6 +89,8 @@
<policy domain="path" rights="none" pattern="fd:*"/>
<!-- don't read sensitive paths. -->
<policy domain="path" rights="none" pattern="/etc/*"/>
<!-- Relative paths are not permitted. -->
<policy domain="path" rights="none" pattern="\.\.\/"/>
<!-- Indirect reads are not permitted. -->
<policy domain="path" rights="none" pattern="@*"/>
<!-- Deny all image modules and specifically exempt reading or writing