Migrate preview system to external preview server systems #24424

Closed
LukasReschke opened this issue May 3, 2016 · 4 comments

Comments

@LukasReschke
Member

LukasReschke commented May 3, 2016

Transferred from an older security tracker ticket to make it public. Ref https://github.com/owncloud/security-tracker/issues/156
Industry standard, pointed out already at https://github.com/owncloud/security-tracker/issues/85 in the general considerations.

This is even advised upstream, see: https://github.com/mkoppanen/imagick/tree/131c1238140aacb82883d8808cc33402dd1b70a3#security:

Because ImageMagick is used to process images it is feasibly possible for hackers to create images that contain invalid data to attempt to exploit these bugs. Because of this we recommend the following:

  1. Do not run Imagick in a server that is directly accessible from outside your network. It is better to either use it as a background task using something like SupervisorD or to run it in a separate server that is not directly accessible on the internet.

@rullzer
Contributor

rullzer commented May 4, 2016

I think this would be a very good idea!

As a bonus this would make the system more extensible (want an obscure preview format... write an app that does it).

@LukasReschke
Member Author

Writing apps is actually already possible :)

@pierreozoux
Contributor

What about the "recommendations" from: https://imagetragick.com/
Wouldn't they be enough?

@MTRichards
Contributor

If I read this correctly, the recommendations would be enough for the short term, but I think this solution from @LukasReschke is also to make the overall system less prone to these sorts of problems in the long run.
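The two recommendations the thread points at (the Imagick README's advice to keep ImageMagick out of the externally reachable web server, and the imagetragick.com mitigations of a restrictive policy.xml plus a magic-byte check before any file reaches ImageMagick) sketched as an added Python example. This is not ownCloud code and not part of the issue; the worker layout, the `convert` command line, its limits and the policy directory are assumptions.

```python
import subprocess
from pathlib import Path

# Magic bytes of the raster formats the worker is willing to hand to
# ImageMagick; anything else (MVG, MSL, SVG, plain text) is rejected up front.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# The coder restrictions published at imagetragick.com as a policy.xml;
# ImageMagick loads it from the directory named in MAGICK_CONFIGURE_PATH.
POLICY_XML = "<policymap>\n" + "".join(
    f'  <policy domain="coder" rights="none" pattern="{c}" />\n'
    for c in ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT")
) + "</policymap>\n"

def sniff(data: bytes):
    """Return the format whose magic bytes open `data`, or None."""
    for fmt, magic in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return None

def accept(data: bytes, claimed_ext: str) -> bool:
    """Gate before conversion: the bytes must match the extension claimed."""
    ext = claimed_ext.lower().lstrip(".")
    ext = "jpg" if ext == "jpeg" else ext
    return ext in MAGIC and sniff(data) == ext

def preview_command(src: str, dst: str, fmt: str, policy_dir: str):
    """argv and env for a separate, resource-limited conversion process;
    the explicit 'fmt:' prefix pins the input coder instead of letting
    ImageMagick guess one from the file contents (assumed worker settings)."""
    argv = ["convert", "-limit", "memory", "64MiB", "-limit", "time", "20",
            f"{fmt}:{src}", "-thumbnail", "256x256", f"png:{dst}"]
    env = {"MAGICK_CONFIGURE_PATH": policy_dir, "PATH": "/usr/bin:/bin"}
    return argv, env

def make_preview(src: Path, dst: Path, policy_dir: Path) -> bool:
    """Worker entry point: gate on magic bytes, then convert out of process."""
    data = src.read_bytes()
    if not accept(data, src.suffix):
        return False
    (policy_dir / "policy.xml").write_text(POLICY_XML)
    argv, env = preview_command(str(src), str(dst), sniff(data), str(policy_dir))
    return subprocess.run(argv, env=env, timeout=30).returncode == 0
```

`make_preview` is what a background worker (the SupervisorD-style task from the README quote) would call; the web server only queues the path and never links against ImageMagick itself.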
