Jonkman Microblog

Notices by Patrick Figel 🐣 (pfigel@mastodon.at)

  1. Patrick Figel 🐣 (pfigel@mastodon.at)'s status on Monday, 16-Apr-2018 15:14:31 EDT

    Oh for fuck's sake, OpenSSL. Just when I was starting to think they'd finally gotten their shit together

  2. Patrick Figel 🐣 (pfigel@mastodon.at)'s status on Monday, 04-Dec-2017 05:37:33 EST

    I wrote a thing on setting up nsjail to sandbox Mastodon's ImageMagick usage: https://offbyinfinity.com/2017/12/sandboxing-imagemagick-with-nsjail/


    Attachments

    1. Sandboxing ImageMagick with nsjail
      from Off by Infinity
      ImageMagick is the go-to image conversion library in many environments. It’s written in C and doesn’t have the best track record on security. Last year, a major vulnerability called ImageTragick (yes, there’s a logo) made the news. Even Facebook turned out to be vulnerable. While secure alternatives exist, many existing projects have a hard dependency on ImageMagick and abstracting the image conversion can be quite involved. If you find yourself in a situation where you can’t avoid using ImageMagick, sandboxing can help you mitigate the damage in the event of a compromise.

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.