Add get-flag and options to change exec command

DownUnderCTF · Jul 12, 2024 · 511a92e · 511a92e
1 parent bd544b8
commit 511a92e
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 7 deletions.
diff --git a/vendor/nsjail/README.md b/vendor/nsjail/README.md
@@ -15,7 +15,9 @@ Default options are listed below.
 JAIL_CWD=/		# default working directory of jail
 MOUNT_PROC=false        # Whether to mount proc in the child container
 PORT=1337               # Listening port
-MAX_CONNS_PER_IP=16      # Maximum number of connections per IP address. 0 is unlimited.
+EXEC_BIN=/chal/pwn      # Program to execute 
+EXEC_ARG=               # Arguments to supply to program
+MAX_CONNS_PER_IP=16     # Maximum number of connections per IP address. 0 is unlimited.
 MAX_MEMORY=67108864     # Maximum memory that processes can use.
 MAX_PIDS=16             # Maximum number of processes.
 TIME_LIMIT=60           # Timeout before connection is closed.
@@ -28,4 +30,4 @@ There is default configuration inside context/nsjail.cfg. Just replace the file
 building your image if you need to change more than what is provided through the environment
 variables.
 
-The only environment variable that is passed into the nsjail environment is the `FLAG` ENV variable. If it is not set then it is ignored.
+The only environment variable that is passed into the nsjail environment is the `FLAG` ENV variable. If it is not set then it is ignored.
diff --git a/vendor/nsjail/context/chal/get-flag b/vendor/nsjail/context/chal/get-flag
@@ -0,0 +1,4 @@
+#!/bin/sh
+read FLAG
+export FLAG
+exec $@
diff --git a/vendor/nsjail/context/nsjail-user.sh b/vendor/nsjail/context/nsjail-user.sh
@@ -8,6 +8,8 @@ CONFIG=`cat "$CONFIG_FILE"`
 export MODE=${MODE:-LISTEN}
 export MOUNT_PROC=${MOUNT_PROC:-false}
 export PORT=${PORT:-1337}
+export EXEC_BIN=${EXEC_BIN:-/chal/pwn}
+export EXEC_ARG=${EXEC_ARG:-}
 export JAIL_CWD=${JAIL_CWD:-/}
 export MAX_CONNS_PER_IP=${MAX_CONNS_PER_IP:-16}
 export MAX_MEMORY=${MAX_MEMORY:-67108864} # 64MB
@@ -40,3 +42,4 @@ if [ -f "/sys/fs/cgroup/cgroup.controllers" ]; then
 fi
 
 nsjail --config <(echo "$CONFIG" | envsubst) --env FLAG
+
diff --git a/vendor/nsjail/context/nsjail.cfg b/vendor/nsjail/context/nsjail.cfg
@@ -64,5 +64,6 @@ mount: [
 ]
 
 exec_bin {
-  path: "/chal/pwn"
+  path: "$EXEC_BIN"
+  arg: "$EXEC_ARG"
 }
diff --git a/vendor/nsjail/dockerfiles/Dockerfile.debian b/vendor/nsjail/dockerfiles/Dockerfile.debian
@@ -2,7 +2,7 @@ ARG DEBIAN_VERSION
 ARG LIBPROTOBUF_VERSION
 
 
-FROM ghcr.io/downunderctf/docker-vendor/bin-builder:debian-$DEBIAN_VERSION as base
+FROM ghcr.io/downunderctf/docker-vendor/bin-builder:debian-$DEBIAN_VERSION AS base
 
 FROM base as build
 ARG LIBPROTOBUF_VERSION
@@ -22,7 +22,7 @@ RUN apt-get update \
 # hadolint ignore=DL3003,DL3059
 RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make
 
-FROM debian:$DEBIAN_VERSION-slim as dist
+FROM debian:$DEBIAN_VERSION-slim AS dist
 ARG LIBPROTOBUF_VERSION
 RUN dpkg --add-architecture i386 \
  && apt-get update \

diff --git a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu b/vendor/nsjail/dockerfiles/Dockerfile.ubuntu
@@ -2,7 +2,7 @@ ARG UBUNTU_VERSION
 ARG LIBPROTOBUF_VERSION
 
 
-FROM ghcr.io/downunderctf/docker-vendor/bin-builder:ubuntu-$UBUNTU_VERSION as base
+FROM ghcr.io/downunderctf/docker-vendor/bin-builder:ubuntu-$UBUNTU_VERSION AS base
 
 FROM base as build
 ARG LIBPROTOBUF_VERSION
@@ -22,7 +22,7 @@ RUN apt-get update \
 # hadolint ignore=DL3003,DL3059
 RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make
 
-FROM ubuntu:$UBUNTU_VERSION as dist
+FROM ubuntu:$UBUNTU_VERSION AS dist
 ARG LIBPROTOBUF_VERSION
 RUN dpkg --add-architecture i386 \
  && apt-get update \