PS/PDF etc in import-im6.q16 not allowed by security policy
[3rd attempt; first two flagged as spam]
On Thu 08 Jun 2023 at 17:11:01 (+0200), Roger Price wrote:
> On Thu, 8 Jun 2023, Greg Wooledge wrote:
>
> > Roger, what is the full command that you used? When I tested with
> > "import foo.png" it worked as expected.
One might assume that that's because .png is an allowed filetype:
Rules are processed in order. Here we want to restrict ImageMagick to only
read or write a small subset of proven web-safe image types:
[ … ] domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}"
> Previously I used to type "import foo.jpg" but got into the habit of
> typing "import /tmp/foo" which I now understand produces the error
> message.
>
> So this afternoon I went back to typing "import foo.jpg" and this
> works correctly, exactly as expected. Thanks. Roger
>
> PS I would have expected a PostScript file by default but now that I
> know that I must specify an acceptable image type, I don't complain.
> The man page says “By default, 'file' is written in the Postscript
> image format. To specify a particular image format, precede the
> filename with an image format name and a colon (i.e. ps:image) or
> specify the image type as the filename suffix (i.e. image.ps).”
That doesn't work on my bullseye, on account of:
domain="coder" rights="none" pattern="PS"
The first thing I do after installing imagemagick is to comment
out the corresponding line for PDF, very near the end of the file
/etc/ImageMagick-6/policy.xml. (Same for buster.) I haven't used
PS files for many years.
Cheers,
David.
Reply to: