slackware-current/source/l/imagemagick/policy.xml.diff
Patrick J Volkerding 272467a60b Mon Nov 16 21:23:09 UTC 2020
a/util-linux-2.36.1-x86_64-1.txz:  Upgraded.
l/imagemagick-7.0.10_38-x86_64-1.txz:  Upgraded.
l/lz4-1.9.3-x86_64-1.txz:  Upgraded.
l/mozjs78-78.5.0esr-x86_64-1.txz:  Upgraded.
n/ModemManager-1.14.8-x86_64-1.txz:  Upgraded.
n/mutt-2.0.1-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-78.5.0esr-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/78.5.0/releasenotes/
2020-11-17 08:59:54 +01:00

32 lines
1.8 KiB
Diff

--- ./config/policy.xml.orig 2020-11-14 07:53:19.000000000 -0600
+++ ./config/policy.xml 2020-11-16 13:45:10.032089547 -0600
@@ -52,6 +52,21 @@
<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
-->
<policymap>
+ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+ <!-- SECURITY: disable potentially insecure coders: -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="coder" rights="none" pattern="TEXT" />
+ <policy domain="coder" rights="none" pattern="SHOW" />
+ <policy domain="coder" rights="none" pattern="WIN" />
+ <policy domain="coder" rights="none" pattern="PLT" />
+ <!-- SECURITY: prevent indirect reads: -->
+ <policy domain="path" rights="none" pattern="@*" />
+ <!-- SECURITY: prevent pipe to shell: -->
+ <policy domain="path" rights="none" pattern="|*" />
+ <!-- Some examples: -->
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
<!-- <policy domain="resource" name="memory" value="2GiB"/> -->
<!-- <policy domain="resource" name="map" value="4GiB"/> -->
@@ -70,7 +85,6 @@
<!-- <policy domain="path" rights="none" pattern="@*" /> -->
<!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
<!-- <policy domain="cache" name="synchronize" value="True"/> -->
- <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
<!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
<!-- <policy domain="system" name="shred" value="2"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->