ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access
The shipped “secure” security policy includes a rule intended to prevent reading/writing from standard streams: <policy domain="path" rights="none" pattern="-"/> However, ImageMagick also supports fd: pseudo-filenames (e.g., fd:0, fd:1). This path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of “no stdin/stdout”. To resolve this, users can add the following change to their security policy. <policy domain="path" rights="none" pattern="fd:*"/> And this will also be …