# imagemagick and security: how paranoid to be?

## cazort

I can't find much information online about imagemagick and security.  I know that past versions of imagemagick have been found to be insecure but that known exploits have been fixed.

Are there many risks?

I'm currently looking at the following setup with a php script on a webserver, for an interactive website:

(1) upload file to temporary directory.

(2) scan it using fileinfo to figure out mime type, and toss out the file and log an error if it's not an image

(3) run imagemagick on it to resize.

(4) copy to final directory which will be live on the webserver

Should I be taking any more precautions?

----------

## Hu

That depends on who will have upload access.  If you trust the uploaders to be good upstanding people, then you are probably in good shape.  If you intend to expose this to the Internet and allow anyone to upload, I recommend that you build imagemagick with a hardened compiler.  Enable NX on the process.  If possible, use a hardened kernel with a MAC system.

A quick check of an ImageMagick ebuild does not indicate any known incompatibilities with the hardened compiler.

----------

## cazort

*Hu wrote:*

> That depends on who will have upload access.  If you trust the uploaders to be good upstanding people, then you are probably in good shape.  If you intend to expose this to the Internet and allow anyone to upload, I recommend that you build imagemagick with a hardened compiler.  Enable NX on the process.  If possible, use a hardened kernel with a MAC system.
> 
> A quick check of an ImageMagick ebuild does not indicate any known incompatibilities with the hardened compiler.

 

I'm (hoping) the uploaders will be upstanding people...it's a private part of the site, available only by invitation from existing users only.  But I am paranoid.  I built everything on this system with a hardened compiler.  I'm using a standard kernel though (which I know doesn't utilize all the benefits of the hardened compiler)...it's something I keep looking into but I want to make sure I'm focusing on the weakest link in my security...

----------

## Hu

Is this an x86 or amd64 system?  What is the output of cat /proc/cpuinfo?  If you have hardware support for NX, enabling it would be a big boost for almost no performance loss.  AMD64 systems seem to have NX enabled by default, but not all x86 CPUs support it.

You can use the tests from app-admin/paxtest to see what weaknesses remain.  Be aware that some tests still report vulnerable even on a hardened kernel.  Since you are not using a hardened kernel, expect to see even more tests report vulnerabilities.

----------
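The `/proc/cpuinfo` check Hu asks for can be scripted; the following is an added example, not code from any poster in the thread. It reports whether every processor entry lists the `nx` flag and the `lm` (64-bit long mode) flag; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read a cpuinfo-format file and report
# whether the "nx" (no-execute) and "lm" (64-bit long mode) CPU flags are present.

# flag_status FLAG FILE -> prints all | some | none | no-flags
# Compares whole words on each "flags" line (one such line per logical CPU),
# so a flag that merely contains the letters "nx" does not count.
flag_status() {
    awk -F: -v want="$1" '
        /^flags[ \t]*:/ {
            total++
            n = split($2, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == want) { hit++; break }
        }
        END {
            if (total == 0)        print "no-flags"
            else if (hit == total) print "all"
            else if (hit > 0)      print "some"
            else                   print "none"
        }' "$2"
}

# nx_summary FILE -> e.g. "nx=all lm=all"
nx_summary() {
    printf 'nx=%s lm=%s\n' "$(flag_status nx "$1")" "$(flag_status lm "$1")"
}

# Constructed sample: two processor entries, flags list shortened.
sample_cpuinfo() {
    cat <<'EOF'
processor : 0
flags     : fpu pae mmx sse sse2 syscall nx lm
processor : 1
flags     : fpu pae mmx sse sse2 syscall nx lm
EOF
}

# Run against the live system when available, otherwise against the sample.
if [ -r /proc/cpuinfo ]; then
    nx_summary /proc/cpuinfo
else
    tmp=$(mktemp) && sample_cpuinfo > "$tmp" && nx_summary "$tmp"; rm -f "$tmp"
fi
```

A result of `nx=all` only shows that the CPU advertises the feature; whether the running kernel enforces it is what the paxtest run mentioned above helps establish.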

