Add a restrictive ImageMagick security policy tailored for Mastodon
authorClaire <claire.github-309c@sitedethib.com>
Thu, 8 Jun 2023 07:34:45 +0000 (09:34 +0200)
committerClaire <claire.github-309c@sitedethib.com>
Thu, 6 Jul 2023 13:30:35 +0000 (15:30 +0200)
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
config/imagemagick/policy.xml [new file with mode: 0644]
config/initializers/paperclip.rb

diff --git a/config/imagemagick/policy.xml b/config/imagemagick/policy.xml
new file mode 100644 (file)
index 0000000..1052476
--- /dev/null
@@ -0,0 +1,27 @@
+<policymap>
+  <!-- Set some basic system resource limits -->
+  <policy domain="resource" name="time" value="60" />
+
+  <policy domain="module" rights="none" pattern="URL" />
+
+  <policy domain="filter" rights="none" pattern="*" />
+
+  <!--
+    Ideally, we would restrict ImageMagick to only accessing its own
+    disk-backed pixel cache as well as Mastodon-created Tempfiles.
+
+    However, those paths depend on the operating system and environment
+    variables, so they can only be known at runtime.
+
+    Furthermore, those paths are not necessarily shared across Mastodon
+    processes, so even creating a policy.xml at runtime is impractical.
+
+    For the time being, only disable indirect reads.
+  -->
+  <policy domain="path" rights="none" pattern="@*" />
+
+  <!-- Disallow any coder by default, and only enable ones required by Mastodon -->
+  <policy domain="coder" rights="none" pattern="*" />
+  <policy domain="coder" rights="read | write" pattern="{PNG,JPEG,GIF,HEIC,WEBP}" />
+  <policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO}" />
+</policymap>
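Review bot: The comment "Set some basic system resource limits" is only backed by a single `time` policy; the memory, map, disk, area, width and height resource domains that bound how much a single decoded image may consume are not set, so an over-sized or decompression-bomb input is limited only by wall-clock time. Consider adding those limits next to the time policy, for example `<policy domain="resource" name="memory" value="MEMORY_LIMIT_PLACEHOLDER" />` and `<policy domain="resource" name="disk" value="DISK_LIMIT_PLACEHOLDER" />` with values chosen for the deployment (the built-in policy shipped with ImageMagick documents the accepted units), or reword the comment to say only a time limit is applied. The coder allowlist with `rights="none" pattern="*"` first is a sound default; it would help a maintainer to note in the comment above it that any new upload type Mastodon starts accepting must be added to the read/write pattern, since ImageMagick otherwise fails on it.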
index 26b0a2f7cd9b6edc1ba35283b4a40f9709676d5d..7cccccd8ee70769e6ce75c3e8a9ec4535f739f59 100644 (file)
@@ -146,3 +146,10 @@ unless defined?(Seahorse)
     end
   end
 end
+
+# Set our ImageMagick security policy, but allow admins to override it
+ENV['MAGICK_CONFIGURE_PATH'] = begin
+  imagemagick_config_paths = ENV.fetch('MAGICK_CONFIGURE_PATH', '').split(File::PATH_SEPARATOR)
+  imagemagick_config_paths << Rails.root.join('config', 'imagemagick').expand_path.to_s
+  imagemagick_config_paths.join(File::PATH_SEPARATOR)
+end
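Review bot: The comment promises that admins can "override" the shipped policy, but the new code only appends Mastodon's directory to `MAGICK_CONFIGURE_PATH`; ImageMagick loads every `policy.xml` it finds along that search path, and whether an admin-supplied entry ends up relaxing or merely adding to the restrictions in `config/imagemagick/policy.xml` depends on ImageMagick's merge rules, which I would confirm before relying on the word "override". I would make the comment say what the code does, e.g. `# Append our policy directory last so an admin-supplied MAGICK_CONFIGURE_PATH is searched first; ImageMagick applies every policy.xml found along this path.` A leading or doubled separator in an admin-supplied value yields empty entries after `split`, which are then re-joined into the variable; `.reject(&:empty?)` after `split(File::PATH_SEPARATOR)` would drop them and keep the resulting path list clean.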