Ask Ubuntu Asked on December 1, 2021
convert /home/bill/TempScan/*.png myfile.pdf
gives error message:
convert-im6.q16: not authorized `myfile.pdf' @ error/constitute.c/WriteImage/1037.
Any help would be appreciated!
Here's an even more convenient way that automatically gets the location(s) of the policy.xml file(s) and performs the search/replace on them all:
for file in `convert -list policy | grep "Path:" | grep -v built | sed 's/Path: (.*)/1/g'`; do sed -i 's/domain="coder" rights="none" pattern="PDF"/domain="coder" rights="read|write" pattern="PDF"/g' $file; done
Answered by Darren Hicks on December 1, 2021
Rather than re-loosening ImageMagick's security restrictions, I'd just use img2pdf.
It's specifically designed for this kind of use-case.
You should use img2pdf if your priorities are (in this order):
- always lossless: the image embedded in the PDF will always have the exact same color information for every pixel as the input
- small: if possible, the difference in filesize between the input image and the output PDF will only be the overhead of the PDF container itself
- fast: if possible, the input image is just pasted into the PDF document as-is without any CPU hungry re-encoding of the pixel data
Conventional conversion software (like ImageMagick) would either:
- not be lossless because lossy re-encoding to JPEG
- not be small because using wasteful flate encoding of raw pixel data
- not be fast because input data gets re-encoded
Another advantage of not having to re-encode the input (in most common situations) is, that img2pdf is able to handle much larger input than other software, because the raw pixel data never has to be loaded into memory.
This should be the equivalent command:
img2pdf --out myfile.pdf /home/bill/TempScan/*.png
If, for some reason, you can't do that (eg. can't install new packages), another potential avenue for lossless conversion would be to convert
your images into a multi-page TIFF file and then use tiff2pdf
from the libtiff tools.
Answered by ssokolow on December 1, 2021
Solution of abu_bua's solution really worked well for me. For convenience here in one command line with sed
:
sudo sed -i 's/rights="none" pattern="PDF"/rights="read|write" pattern="PDF"/g' /etc/ImageMagick-6/policy.xml
Answered by Antonin GAVREL on December 1, 2021
As vanadium posted, you have to change the ImageMagick policy.
sudo vim /etc/ImageMagick-6/policy.xml
and replace the line
<policy domain="coder" rights="none" pattern="PDF" />
with
<policy domain="coder" rights="read|write" pattern="PDF" />
If you only want to allow write, and not read, you can also erase the read|
part in the line above.
BTW, for those who are interested about the ImageMagick vulnerability, here are 2 informational links:
Answered by abu_bua on December 1, 2021
convert
is a powerful command line tool to convert graphics. Its support for PDF is provided by Ghostscript. Because of a significant security hole in Ghostscript prior to version 9.24, use of convert
on PDF files has been blocked as a stopgap. The issue has been fixed since Ghostscript version 9.24. While Ghostscript versions are updated to secure versions in all supported Ubuntu versions (at this time from Ubuntu 16.04 onwards), the usage restriction may still be in place.
The policy file is /etc/ImageMagick-6/policy.xml
. You may edit that file as root user to change the policies.
Eliminating all usage restrictions
For desktop users not running a webserver, simply eliminating these restrictions might be good enough. To that aim, one may delete the file, but it is better practice to "move the file out" by renaming it. With this command, you are renaming the file. As a result, all policies are lifted, but you still can revert if needed:
sudo mv /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xmlout
To revert to the original situation, just rename back to the original name:
sudo mv /etc/ImageMagick-6/policy.xmlout /etc/ImageMagick-6/policy.xml
Be well aware that moving the policy file out decreases system security.
Eliminating only the restriction to combine into PDF
For your specific case, gene_wood in a comment pointed to the posibility to selectively relax the policy for working with PDF files by commenting out one line:
<policy domain="coder" rights="none" pattern="PDF" />
Edit the file, and place comment marks around this line to disable this rule:
<!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
If you do not want to eliminate all security policies, this is the way to go.
Answered by vanadium on December 1, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP