Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ImageMagick ghostscript 'delegate' security policy blocking conversion

This seems to be related to my previous question where there was a ghostscript bug and thus ImageMagick devs made a security policy blocking PDF conversion. This was overcome by adjusting the policy file such that rights changed from "none" (by default) to "read | write"

My similar problem is initiated when running a command of the form

convert input.pdf output.jpg

Now with ghostscript version 9.27 (2019-04-04) and imagemagick version 7.0.8-56 Q16 x86_64 (2019-07-21) (I believe this is the newest version of each), I get this error

convert: attempt to perform an operation not allowed by the security policy `gs' @ error/delegate.c/ExternalDelegateCommand/378.
convert: no images defined `output.jpg' @ error/convert.c/ConvertImageCommand/3273.

So I have sudoedited /etc/ImageMagick-7/policy.xml such that the only uncommented lines in the <policymap> are changed from

<policy domain="delegate" rights="none" pattern="gs" />

to

<policy domain="coder" rights="read | write" pattern="PDF" />
<policy domain="delegate" rights="read | write" pattern="gs" />

but the problem persists. Equivalent results if simply commenting out or deleting the above line. This is reproducible on more than one of my Arch machines.

Is there a way to bypass this security policy default? Is it safe to do so?

like image 932
T. Zack Crawford Avatar asked Jul 25 '19 18:07

T. Zack Crawford


1 Answers

<policy domain="delegate" rights="none" pattern="gs" />

needs to be commented out. This is now noted on the imagemagick page of the arch wiki. That page currently cites these bug reports: FS#59778, FS#62171

For some reason, this didn't immediately work for me. Somehow I got it to work today by moving policy.xml to a backup (deleting), running the convert command, and moving back the original with the line above commented out.

like image 79
T. Zack Crawford Avatar answered Oct 21 '22 07:10

T. Zack Crawford