Implement export with file "sanitization" (content disarm/reconstruct) #862

Open
rocodes opened this issue Mar 13, 2023 · 4 comments
rocodes commented Mar 13, 2023

This is a tracking issue for all the steps related to a document sanitization (aka content disarmament/reconstruction, aka malware mitigation) workflow.

The goal is a workflow that allows users to work with documents in electronic form, while minimizing the risk of malware.

Tasks include:

  • Draft/send out user research questions, particularly around initial file type support. (link: currently-supported file types for sdw and dangerzone)
  • Draft technical spec document, which will include answers to implementation decisions (single file vs batch processing, per-file VM vs batch, failure modes, initial file type support), configuration/provisioning, and initial (cli-based) workflow
  • Review + threat modeling of spec doc
  • Implementation (sub-tasks TBD once specs are approved)
  • Other tasks to be added as work progresses

rocodes commented Mar 13, 2023


deeplow commented May 7, 2024

Interesting, in the Qubes forum, someone named the approach of [qube A] -> [sanitizing in disp B] -> [qube C] as a double-door system. That makes sense, but I feel like double-door implies more a door with two doors. If we need a name for this we could take inspiration from the medical world. Here are some samples: disinfection tunnel, decontamination tunnel.

@kennethrrosen

I'd be happy to take this on with a little guidance.

In my own dev setup I've experimented with using dz-dvm as a drop-in replacement for sd-viewer (for specific text-based submissions), but have had little success. I'm not sure the double-door system is necessary and may be overkill if the files aren't sanitized in batch (from separate sources) and the dangerzone VM is a disposable.


deeplow commented Oct 4, 2024

Nice. I haven't given this one too much thought yet, but I think that's generally the right direction. But I think it's best to have a design of how things will play together before moving forward with implementation.

I shared some very early ideas about how Dangerzone could fit at #564 (comment).
