MG-GIMP
Artifact Content
Not logged in

Artifact 5c1c9d2da726d8f925ec102675434500d2c1c5f4:

Wiki page [Overview] by saul 2014-10-24 18:44:03.
D 2014-10-24T18:44:03.850
L Overview
P d19892142188c710932018b06a556c4c4ce27d12
U saul
W 2253
<h1>Overview</h1>

<h3>PURPOSE</h3>

This plugin is intended to permit Mediagoblin to host GIMP image and resource files, automatically creating suitable thumbnails and previews that would otherwise not be available (e.g., web browsers do not display GIMP's native XCF image files).

<h3>APPROACH</h3>

The first time a GIMP media or resource file is uploaded to Mediagoblin, a displayless GIMP process is started in the background running the Script-fu server. The plugin communicates with the Script-fu server over a TCP socket. Once the GIMP process is started, it continues running until the system is rebooted or the GIMP process is [shutdown manually]. Subsequent uploads of GIMP media or resource files do not have to start a new GIMP process (which can take anywhere from 3 to 20 seconds depending on the machine).

Instructions supplied to the GIMP "daemon" are written in Script-fu, GIMP's Scheme scripting language. GIMP will process the code it receives, which will produce the thumbnail and medium preview files (either PNG or JPG), and send a response back to Mediagoblin comprising a text string containing information about the original file and the names of the files produced. (This text string is formatted as a Python dict construct.)

<h3>SECURITY</h3>

GIMP's Script-fu server was not originally designed with security in mind. Prior to GIMP 2.8.11, it would respond to all messages sent on its TCP socket (port 10008 by default) [https://bugzilla.gnome.org/show_bug.cgi?id=708098|regardless of the originating IP address]. 

To mitigate the issue for these older versions of GIMP, it is recommended that GIMP be built without the Python plug-in (or that the [Python plug-in be removed]) and that the host's firewall block all traffic on the Script-fu server port. 

In addition, even with versions of GIMP after 2.8.11 other accounts on the same host could, in theory, send commands to the MG-GIMP TCP port and, to the extent that GIMP Script-fu permits, modify files that belong to the Mediagoblin user account. A malicious user could theoretically destroy your Mediagoblin installation. Until this situation is improved, it is not recommend to deploy MG-GIMP on hosts containing potentially malicious accounts.
Z 4f0fe2f221f124d53cbb8711cc85bc78