Dangerzone doc sanitizer

Dangerzone doc sanitizer from First Look Media is now packaged for Debian. It uses containers for sandboxing the conversion process and supports OCR to make searchable PDF copies of documents.

Can we drop this into our repo?

1 Like

I don’t like dangerzone. It just uses a simple Docker container for “sandboxing” which is rather weak. We can make a much stronger sandbox ourselves with barely any syscall, file, etc. access. The conversion process won’t need many resources so it’s not hard to make very tight restrictions for it (which Docker doesn’t provide).

1 Like
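The kind of restriction the post above describes, as an added example that is not part of this thread or of dangerzone: a child process enters seccomp strict mode, where the kernel permits only read, write, exit and sigreturn, before it touches the input. `convert` and `run_sandboxed` are hypothetical names, the byte filter stands in for a real converter, and `/etc/hostname` is only a sample path; Linux only.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a converter: copies in_fd to out_fd and replaces
 * non-printable bytes with '?'. It needs only read(2) and write(2). */
static void convert(int in_fd, int out_fd) {
    unsigned char buf[256]; ssize_t n;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++)
            if ((buf[i] < 0x20 || buf[i] > 0x7e) && buf[i] != '\n') buf[i] = '?';
        if (write(out_fd, buf, (size_t)n) != n) break;
    }
}

/* Runs convert() in a child under seccomp strict mode (small inputs only: the
 * parent writes everything before reading). Returns the output length on a
 * clean exit, -(signal) if the kernel killed the child, -100 on setup error.
 * misbehave != 0 makes the child try to open a file after converting. */
int run_sandboxed(const char *in, size_t len, char *out, size_t cap, int misbehave) {
    int to_child[2], from_child[2], status; size_t got = 0; ssize_t n;
    pid_t pid;
    if (pipe(to_child) || pipe(from_child) || (pid = fork()) < 0) return -100;
    if (pid == 0) {
        close(to_child[1]); close(from_child[0]);
        /* After this call only read, write, exit and sigreturn are allowed. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) syscall(SYS_exit, 100);
        convert(to_child[0], from_child[1]);
        if (misbehave) open("/etc/hostname", O_RDONLY);  /* kernel sends SIGKILL */
        syscall(SYS_exit, 0);  /* glibc _exit() uses exit_group, which is blocked */
    }
    close(to_child[0]); close(from_child[1]);
    n = write(to_child[1], in, len); close(to_child[1]);
    while (got < cap && (n = read(from_child[0], out + got, cap - got)) > 0) got += (size_t)n;
    close(from_child[0]);
    if (waitpid(pid, &status, 0) < 0) return -100;
    if (WIFSIGNALED(status)) return -WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? (int)got : -100;
}

int main(void) {
    char out[64];  /* constructed sample input below */
    printf("clean run: %d\n", run_sandboxed("hi\x01there\n", 9, out, sizeof out, 0));
    printf("open attempt: %d\n", run_sandboxed("x", 1, out, sizeof out, 1));
}
```

Strict mode is the bluntest form of syscall restriction; a converter that needs to allocate memory or map files would need a seccomp filter with an explicit allowlist instead.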

I am not a big fan of Docker just yet.

In the context of their blog post and threat model, it might even make sense.

Journalists on Windows are probably better off using an easy-to-use Docker container wrapper (dangerzone) to open a PDF than opening it in Adobe Acrobat directly.

Being Docker-based also means it might not easily start inside virtual machines, since Docker is also using virtualization and that would be nested virtualization?

1 Like

Docker doesn’t use virtualization. It’s basically a fancy chroot with namespaces and seccomp.

1 Like

It depends on the platform. Docker needs VT-x on Windows and Mac, but there was work on doing away with this requirement.

On Linux it just needs cgroups. I might have to check if virtualization use is optional. If it’s possible on Linux, wouldn’t this tool be worth it?

1 Like