#StackBounty: #server #security #virtualization #webserver #docker Simplest and most scalable way to isolate ImageMagick in VM or conta…

Bounty: 50

For users of my web service running on Ubuntu Server 16.04 or 18.04, I’d like to integrate features from such useful programs as ImageMagick. For example, I’d like to crop their profile pictures or create thumbnails.

But because software in general has bugs, and especially ImageMagick has a lot of them [1] [2], it would obviously best to isolate the execution of ImageMagick from the rest of the server, right?

So what’s the best way to isolate ImageMagick from a security perspective, taking into account that the setup should be as simple as possible and that ImageMagick will have to run every few seconds (or even multiple times per second at peak times)? Ideally, ImageMagick would not only be isolated from the host machine, but ImageMagick executions (with the data they operate on) would be isolated from each other as well.

I guess one can use a VM or containers (e.g. Docker) for this? Are containers better-suited because they are faster to set up and tear down again?

Moreover, what’s a good way to get started? I have taken a look at various manuals, but don’t know where exactly to start and which components I need.

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.