Image scaling: minimize security impact of scaler proc
For both static and dynamic image scaling, we have honed in on two approaches that end up forking out into a child process that performs the actual scaling logic (using graphicsmagick). This can present security issues if that process runs with high enough privileges to do damage to the system. We should look into ways to reduce that process's privileges to the bare minimum needed to function, and reduce its blast radius should something slip through regardless, e.g. by using a chroot jail or container.
We should also look to constrain the amount of system resources gm consumes, such as memory use and thread count.
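As an added illustration (not GitLab's code) of the kind of containment this issue asks for: spawning the scaler child with an empty environment, no inherited descriptors, and hard caps on address space, CPU time, wall time, core dumps and output size. The gm path, the `-limit memory`/`-limit threads` knobs, `OMP_NUM_THREADS` and the limit values are assumptions; running as a dedicated unprivileged user inside a chroot or container is assumed to be handled by the service manager, not by this function.

```ruby
# Environment handed to the child; everything else is dropped (unsetenv_others).
SCALER_ENV = {
  'PATH' => '/usr/bin:/bin',
  'OMP_NUM_THREADS' => '1' # assumption: gm is built with OpenMP and honours this
}.freeze

# Build the gm command line. Assumption: gm's own -limit knobs are available;
# the '>' geometry flag makes gm only ever shrink, never enlarge, the image.
def gm_scale_argv(src, dst, width)
  ['/usr/bin/gm', 'convert', '-limit', 'memory', '128MB', '-limit', 'threads', '1',
   src, '-resize', "#{width}x#{width}>", dst]
end

# Run argv under resource limits; returns [Process::Status, stderr_text].
# rlimit_nproc is opt-in: it counts every process of the uid, so it is only
# meaningful once the scaler runs as its own dedicated user.
def run_limited(argv, max_mem_bytes: 256 * 1024 * 1024, cpu_seconds: 5,
                wall_seconds: 10, nproc: nil)
  err_r, err_w = IO.pipe
  opts = {
    unsetenv_others: true, close_others: true, chdir: '/',
    in: File::NULL, out: File::NULL, err: err_w,
    rlimit_as: max_mem_bytes,      # address-space cap: a runaway decoder gets ENOMEM
    rlimit_cpu: cpu_seconds,       # kernel sends SIGXCPU after this much CPU time
    rlimit_core: 0,                # no core dumps containing untrusted image data
    rlimit_fsize: 64 * 1024 * 1024 # cap on the size of the file gm may write
  }
  opts[:rlimit_nproc] = nproc if nproc
  pid = Process.spawn(SCALER_ENV, *argv, **opts)
  err_w.close
  reader = Thread.new { err_r.read } # drain stderr so the child cannot block on it
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + wall_seconds
  status = nil
  loop do
    _, status = Process.wait2(pid, Process::WNOHANG)
    break if status
    if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      Process.kill('KILL', pid) # wall-clock deadline catches a blocked/sleeping child
      _, status = Process.wait2(pid)
      break
    end
    sleep 0.05
  end
  [status, reader.value]
ensure
  err_r&.close
end
```

A caller would pair this with `run_limited(gm_scale_argv(src, dst, 64))` and treat any non-zero or signalled status as a failed scale to be logged, never retried with larger limits.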
Edited by Matthias Käppler