From ArchWiki
Jump to navigation Jump to search

graphicsmagick security and imagemagick security

Regarding template:expansion at the head of the article:

With graphicsmagick 1.3.36-3,

$ gm display 'some pdf file'

works. The pdf got displayed. At the same time, imagemagick fails to display that file, with a message about a security policy. I do have ghostscript: pdf, ps modules installed. These modules are optional dependency for both graphicsmagick and imagemagick. I am not sure graphicsmagick actually used those modules, although it seems reasonable that it did. graphicsmagick doesn't seem to have a parallel policy file to the imagemagick policy file. graphicsmagick also does not directly depends, or provides, a library similar to libmagic. For the one who would like to dig further, there is I skimmed it rapidly. My conclusion, which is actually merely a guess, is that graphicsmagick code, or configuration, or usability, is more subtly different, compared to imagemagick, than one might assume. And one should consider all that when considering graphicsmagick security as compared to imagemagick security. Regid (talk) 21:36, 14 June 2021 (UTC)