You are viewing the 2025 edition of FOSDEM.
Dangerzone: Containers that contain containers that contain attackers
UD2.218A | Day 1 | 17:40 - 18:10 | Speakers: Alex Pyrgiotis
Abstract
Dangerzone is a multi-platform project that performs a simple task: give it an untrusted document, and get back a sanitized one. Qubes did it first with disposable Xen VMs (see TrustedPDF), but Dangerzone is doing it with containers across all major platforms. How secure are containers though, and can you achieve VM-level parity with them?
In this talk we’ll discuss the attack surface of Linux containers, and how Dangerzone uses gVisor to contain RCEs in document viewers. Even if you don’t use gVisor or are not interested in it, we’ll show some easy ways to harden your security-sensitive containers right now, for harm reduction purposes.
Speakers
Alex Pyrgiotis
