2119aadf0a
* Fix attachments getting processed despite failing content-type validation * Add a restrictive ImageMagick security policy tailored for Mastodon * Fix misdetection of MP3 files with large cover art * Reject unprocessable audio/video files instead of keeping them unchanged
28 lines
1 KiB
XML
28 lines
1 KiB
XML
<policymap>
|
|
<!-- Set some basic system resource limits -->
|
|
<policy domain="resource" name="time" value="60" />
|
|
|
|
<policy domain="module" rights="none" pattern="URL" />
|
|
|
|
<policy domain="filter" rights="none" pattern="*" />
|
|
|
|
<!--
|
|
Ideally, we would restrict ImageMagick to only accessing its own
|
|
disk-backed pixel cache as well as Mastodon-created Tempfiles.
|
|
|
|
However, those paths depend on the operating system and environment
|
|
variables, so they can only be known at runtime.
|
|
|
|
Furthermore, those paths are not necessarily shared across Mastodon
|
|
processes, so even creating a policy.xml at runtime is impractical.
|
|
|
|
For the time being, only disable indirect reads.
|
|
-->
|
|
<policy domain="path" rights="none" pattern="@*" />
|
|
|
|
<!-- Disallow any coder by default, and only enable ones required by Mastodon -->
|
|
<policy domain="coder" rights="none" pattern="*" />
|
|
<policy domain="coder" rights="read | write" pattern="{PNG,JPEG,GIF,HEIC,WEBP}" />
|
|
<policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO}" />
|
|
</policymap>
|