diff options
Diffstat (limited to 'source/xap/imagemagick/policy.xml.diff')
-rw-r--r-- | source/xap/imagemagick/policy.xml.diff | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/source/xap/imagemagick/policy.xml.diff b/source/xap/imagemagick/policy.xml.diff deleted file mode 100644 index dc033c1c..00000000 --- a/source/xap/imagemagick/policy.xml.diff +++ /dev/null @@ -1,33 +0,0 @@ ---- ./config/policy.xml.orig 2016-06-10 07:19:41.000000000 -0500 -+++ ./config/policy.xml 2016-06-17 17:30:47.311584022 -0500 -@@ -49,6 +49,21 @@ - exceeds policy maximum so memory limit is 1GB). - --> - <policymap> -+ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -+ <!-- SECURITY: disable potentially insecure coders: --> -+ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> -+ <policy domain="coder" rights="none" pattern="HTTPS" /> -+ <policy domain="coder" rights="none" pattern="MVG" /> -+ <policy domain="coder" rights="none" pattern="MSL" /> -+ <policy domain="coder" rights="none" pattern="TEXT" /> -+ <policy domain="coder" rights="none" pattern="SHOW" /> -+ <policy domain="coder" rights="none" pattern="WIN" /> -+ <policy domain="coder" rights="none" pattern="PLT" /> -+ <!-- SECURITY: prevent indirect reads: --> -+ <policy domain="path" rights="none" pattern="@*" /> -+ <!-- SECURITY: prevent pipe to shell: --> -+ <policy domain="path" rights="none" pattern="|*" /> -+ <!-- Some examples: --> - <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> --> - <!-- <policy domain="resource" name="memory" value="2GiB"/> --> - <!-- <policy domain="resource" name="map" value="4GiB"/> --> -@@ -61,8 +76,4 @@ - <!-- <policy domain="resource" name="throttle" value="0"/> --> - <!-- <policy domain="resource" name="time" value="3600"/> --> - <!-- <policy domain="system" name="precision" value="6"/> --> -- <!-- <policy domain="coder" rights="none" pattern="MVG" /> --> -- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> --> -- <!-- <policy domain="path" rights="none" pattern="@*"/> --> -- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> - </policymap> |