Securing ImageMagick installation

Source: https://imagetragick.com/

Read the original article; it explains that specific formats can lead to local command execution. This makes me think, and blame it for so many WordPress sites being hacked for no obvious reason. If a hacker can “somehow” upload a malicious image that will then be executed almost like a shell command, that definitely explains a lot!

The easiest way to secure it is to add the suggested lines to policy.xml.

On most of my servers it is /etc/ImageMagick-6/policy.xml

Simply add between the <policymap> tags:


<policy domain="coder" rights="none" pattern="EPHEMERAL" />
<policy domain="coder" rights="none" pattern="URL" />
<policy domain="coder" rights="none" pattern="HTTPS" />
<policy domain="coder" rights="none" pattern="MVG" />
<policy domain="coder" rights="none" pattern="MSL" />
<policy domain="coder" rights="none" pattern="TEXT" />
<policy domain="coder" rights="none" pattern="SHOW" />
<policy domain="coder" rights="none" pattern="WIN" />
<policy domain="coder" rights="none" pattern="PLT" />
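To confirm the lines actually landed in policy.xml on each server, here is an added example (not part of the original post or of ImageMagick) that parses a policy file and lists which of the coders above are not clearly denied. The function names and the sample file are constructed. The check is a deliberately conservative simplification, not ImageMagick's own evaluation: a coder counts as denied only if a matching `rights="none"` entry exists and no matching entry grants rights, with case-sensitive matching and only plain globs and the `{A,B}` pattern form handled.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders the post says to disable.
REQUIRED = ["EPHEMERAL", "URL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT"]

def _alternatives(pattern):
    """Expand the common "{A,B,C}" pattern form into separate globs."""
    if pattern.startswith("{") and pattern.endswith("}"):
        return [p.strip() for p in pattern[1:-1].split(",")]
    return [pattern]

def unblocked_coders(policy_xml, required=REQUIRED):
    """Return the required coders that policy_xml does not clearly deny."""
    root = ET.fromstring(policy_xml)
    entries = [(p.get("pattern", ""), p.get("rights", "").strip().lower())
               for p in root.iter("policy") if p.get("domain") == "coder"]
    missing = []
    for coder in required:
        rights = [r for pat, r in entries
                  if any(fnmatch.fnmatchcase(coder, g) for g in _alternatives(pat))]
        # Conservative: need at least one deny and no entry granting rights.
        if not rights or any(r != "none" for r in rights):
            missing.append(coder)
    return missing

# Constructed sample: a policy file where only part of the list was added.
SAMPLE = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="{URL,HTTPS}" />
  <policy domain="coder" rights="none" pattern="M*" />
  <policy domain="coder" rights="read|write" pattern="TEXT" />
</policymap>"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    missing = unblocked_coders(text)
    print("not denied:", ", ".join(missing) if missing else "none")
    sys.exit(1 if missing else 0)
```

Run it with the path to policy.xml as the only argument; a non-zero exit status means at least one coder from the list is still allowed.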
