> through ImageMagick (actually for resizing) will malicious code be
> eliminated?

Most likely, if you have a recent version of ImageMagick and set limits to prevent denial-of-service attacks. Recent versions of ImageMagick have a number of possible exploits patched. These are all possible buffer overruns that were identified. However, there are no known exploits of ImageMagick due to a buffer overrun. In addition, we eliminated the possibility of shell injection with the delegate subsystem by creating a symbolic link to any user-specified filename, where the symbolic link is a well-formed filename without any potentially dangerous shell meta-characters.

To prevent denial of service, set your limits. We use a 64MB limit for memory, 128MB for map, and 1GB for disk. This prevents any one user from consuming all available memory and prevents any image from consuming more than 1GB of disk (if it does, the program exits).

_______________________________________________
Magick-users mailing list
[email protected]
http://studio.imagemagick.org/mailman/listinfo/magick-users
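
A caller-side wrapper that applies the two measures from the reply above, added here as an example; it is not code from the post or from the ImageMagick project. The function names, the fixed link name `input.img`, the `800x800` geometry and the `CONVERT` override are assumptions; the limit values are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example: resize an untrusted upload under fixed resource limits.
# Names, link name and geometry are assumptions, not ImageMagick defaults.

MEM_LIMIT=64MB     # values quoted in the reply
MAP_LIMIT=128MB
DISK_LIMIT=1GB

# Point a symlink with a fixed, well-formed name at the user-supplied file,
# so the user-chosen name never appears on the command line.
# Prints the link path; fails if the source is not a regular file.
safe_link() {
    src=$1
    workdir=$2
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    case $src in
        /*) abs=$src ;;
        *)  abs=$PWD/$src ;;
    esac
    link=$workdir/input.img
    ln -s "$abs" "$link" || return 1
    printf '%s\n' "$link"
}

# Resize through the symlink with memory, map and disk limits applied.
# CONVERT may name a different binary (for example "magick").
resize_untrusted() {
    src=$1
    out=$2
    work=$(mktemp -d) || return 1
    link=$(safe_link "$src" "$work") || { rm -rf "$work"; return 1; }
    rc=0
    ${CONVERT:-convert} \
        -limit memory "$MEM_LIMIT" \
        -limit map "$MAP_LIMIT" \
        -limit disk "$DISK_LIMIT" \
        "$link" -resize 800x800 "$out" || rc=$?
    rm -rf "$work"
    return $rc
}

# Usage: resize_untrusted /path/to/upload /path/to/output.png
```

The same limits can be set for every invocation through the `MAGICK_MEMORY_LIMIT`, `MAGICK_MAP_LIMIT` and `MAGICK_DISK_LIMIT` environment variables instead of per-command `-limit` options.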
