Running hostile software in a container

Remember Skype, the once popular phone software? I used it a lot when we were traveling in South America, and international calls were insanely expensive. But I stopped using it when it was acquired by Microsoft, and they switched from a P2P model to centralized servers. From what I could observe, it gradually worsened from there, and I really thought I wouldn’t have to use it ever again. That was until somebody decided that we had to use Skype for Business instead of XMPP at work. There are a plethora of better alternatives. The one I use the most these days is Tox.

I use the Windows Workstation only for things that I can’t do on Linux. There is not much that falls into this category, besides VisualStudio compiling projects that involve MFC. There is Skype for Linux, but there is no official Skype for Business for Linux. So for a moment it looked like the Windows machine got a second task. But running an obfuscated malicious binary blob from Microsoft with known backdoors, that is online all the time on an operating system that can not be secured makes me uneasy. So I looked for a way to run it securely on Linux. The first thing I found was an open source implementation of the reverse engineered proprietary protocol as a plugin for Pidgin. That sounded good, but it didn’t work unfortunately. The second option was a closed source clone from tel.red. They provide their own apt repository with regular updates. That’s quite good actually, if you don’t care about closed source software, and the security of your device and data in general.

I learned about docker a while back, but only used it marginally so far. This was the first real use I had for it, so I started learning more about it. Copying and adapting a docker file is a lot easier than the articles I read so far made me believe. I found a couple of sites about packing Skype into a docker container, but none for Skype for Business. So I took one of the former ones and adapted it. To use my container, just follow these easy steps:

git clone https://github.com:ulrichard/docker-skype-business
cd docker-skype-business
sudo docker build -t skype .
sudo docker run -d -p 55555:22 --name skype_container skype
ssh-copy-id -p 55555 docker@localhost
ssh -X -p 55555 docker@localhost sky

The password for ssh-copy-id is “docker”.

Then log into sky with your credentials. You can do this every time, or you can store a configured copy of the container as follows:

docker commit skype_container skype_business

The next time, you just run it with:

sudo docker run -d -p 55555:22 skype_business
ssh -X -p 55555 docker@localhost sky

I left some pulseaudio stuff from the original container at least in the README file. I don’t intend to use it for anything but receiving chat messages. But if you want to, feel free to experiment and report back.

Leave a Reply

Your email address will not be published. Required fields are marked *