From: Cristy Date: Thu, 9 Feb 2017 23:45:55 +0000 (-0500) Subject: ... X-Git-Tag: 7.0.4-8~28 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=56c6bc3705f49f3acd3b7726ae33e36e8c1af71d;p=imagemagick ... --- diff --git a/config/policy.xml b/config/policy.xml index 5ec314c46..c1b678381 100644 --- a/config/policy.xml +++ b/config/policy.xml @@ -13,7 +13,7 @@ Domains include system, delegate, coder, filter, path, or resource. - Rights include none, read, write, and execute. Use | to combine them, + Rights include none, read, write, execute and all. Use | to combine them, for example: "read | write" to permit read from, or write to, a path. Use a glob expression as a pattern. @@ -47,6 +47,13 @@ with SI prefixes (.e.g 100MB). In addition, resource policies are maximums for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit is 1GB). + + Rules are processed in order. Here we want to restrict ImageMagick to only + read or write a small subset of proven web-safe image types: + + + + -->
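Review bot: In the @@ -13,7 +13,7 @@ hunk, the changed "Rights include" line now names "all" but the comment never says what that right grants or how it behaves when combined with "|". State whether "all" is shorthand for "read | write | execute", and consider showing it in the example that follows, since the only example given is still "read | write".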
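Review bot: In the @@ -47,6 +47,13 @@ hunk, "Rules are processed in order" does not say which rule takes effect when more than one pattern matches the same image type, and the restriction introduced in the next sentence depends on exactly that. Say explicitly whether a later rule overrides an earlier one, so an administrator combining a broad rule with narrower ones knows which ordering is safe. The added lines also sit above the closing "-->", so "Here we want to restrict" describes a commented-out example and not an enforced policy; wording such as "For example, to restrict ..." plus a note that the rules must be moved outside the comment to take effect would avoid implying the shipped file applies them.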