diff --git a/vendor/nsjail/README.md b/vendor/nsjail/README.md
index c2b2783..35ddef5 100644
--- a/vendor/nsjail/README.md
+++ b/vendor/nsjail/README.md
@@ -15,7 +15,9 @@ Default options are listed below.
 JAIL_CWD=/ # default working directory of jail
 MOUNT_PROC=false # Whether to mount proc in the child container
 PORT=1337 # Listening port
-MAX_CONNS_PER_IP=16 # Maximum number of connections per IP address. 0 is unlimited.
+EXEC_BIN=/chal/pwn # Program to execute
+EXEC_ARG= # Arguments to supply to program
+MAX_CONNS_PER_IP=16 # Maximum number of connections per IP address. 0 is unlimited.
 MAX_MEMORY=67108864 # Maximum memory that processes can use.
 MAX_PIDS=16 # Maximum number of processes.
 TIME_LIMIT=60 # Timeout before connection is closed.
@@ -28,4 +30,4 @@ There is default configuration inside context/nsjail.cfg. Just replace the file building your image if you need to change more than what is provided through the environment variables.
-The only environment variable that is passed into the nsjail environment is the `FLAG` ENV variable. If it is not set then it is ignored.
\ No newline at end of file
+The only environment variable that is passed into the nsjail environment is the `FLAG` ENV variable. If it is not set then it is ignored.
diff --git a/vendor/nsjail/context/chal/get-flag b/vendor/nsjail/context/chal/get-flag
new file mode 100755
index 0000000..47efe61
--- /dev/null
+++ b/vendor/nsjail/context/chal/get-flag
@@ -0,0 +1,4 @@
+#!/bin/sh
+read FLAG
+export FLAG
+exec $@
diff --git a/vendor/nsjail/context/nsjail-user.sh b/vendor/nsjail/context/nsjail-user.sh
index 976de85..6b10a75 100644
--- a/vendor/nsjail/context/nsjail-user.sh
+++ b/vendor/nsjail/context/nsjail-user.sh
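Review bot: In the new `vendor/nsjail/context/chal/get-flag`, `read FLAG` without `-r` interprets backslashes and trims leading and trailing whitespace, so the exported value can differ from the line that was supplied; `IFS= read -r FLAG` keeps it unchanged. `exec $@` is unquoted, so every argument is word-split and glob-expanded before the exec; use `exec "$@"`, or, if the splitting is deliberate because nsjail.cfg passes `$EXEC_ARG` as a single `arg`, say so in a comment and add `set -f` so a `*` in the value is not expanded against the jail's working directory. The hunk does not show what is connected to stdin when this wrapper runs: if it is the client connection, the first line received becomes `FLAG` and replaces the value passed with `--env FLAG`, which should be confirmed and stated in a header comment.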
@@ -8,6 +8,8 @@ CONFIG=`cat "$CONFIG_FILE"`
 export MODE=${MODE:-LISTEN}
 export MOUNT_PROC=${MOUNT_PROC:-false}
 export PORT=${PORT:-1337}
+export EXEC_BIN=${EXEC_BIN:-/chal/pwn}
+export EXEC_ARG=${EXEC_ARG:-}
 export JAIL_CWD=${JAIL_CWD:-/}
 export MAX_CONNS_PER_IP=${MAX_CONNS_PER_IP:-16}
 export MAX_MEMORY=${MAX_MEMORY:-67108864} # 64MB
@@ -40,3 +42,4 @@ if [ -f "/sys/fs/cgroup/cgroup.controllers" ]; then
 fi
 nsjail --config <(echo "$CONFIG" | envsubst) --env FLAG
+
diff --git a/vendor/nsjail/context/nsjail.cfg b/vendor/nsjail/context/nsjail.cfg
index b76db18..ece7fec 100644
--- a/vendor/nsjail/context/nsjail.cfg
+++ b/vendor/nsjail/context/nsjail.cfg
@@ -64,5 +64,6 @@ mount: [
 ]
 exec_bin {
- path: "/chal/pwn"
+ path: "$EXEC_BIN"
+ arg: "$EXEC_ARG"
 }
diff --git a/vendor/nsjail/dockerfiles/Dockerfile.debian b/vendor/nsjail/dockerfiles/Dockerfile.debian
index ea13168..315fd82 100644
--- a/vendor/nsjail/dockerfiles/Dockerfile.debian
+++ b/vendor/nsjail/dockerfiles/Dockerfile.debian
@@ -2,7 +2,7 @@ ARG DEBIAN_VERSION ARG LIBPROTOBUF_VERSION
-FROM ghcr.io/downunderctf/docker-vendor/bin-builder:debian-$DEBIAN_VERSION as base
+FROM ghcr.io/downunderctf/docker-vendor/bin-builder:debian-$DEBIAN_VERSION AS base
 FROM base as build
 ARG LIBPROTOBUF_VERSION
@@ -22,7 +22,7 @@ RUN apt-get update \
 # hadolint ignore=DL3003,DL3059
 RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make
-FROM debian:$DEBIAN_VERSION-slim as dist
+FROM debian:$DEBIAN_VERSION-slim AS dist
 ARG LIBPROTOBUF_VERSION
 RUN dpkg --add-architecture i386 \
 && apt-get update \
diff --git a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu b/vendor/nsjail/dockerfiles/Dockerfile.ubuntu
index deeb0f2..390f870 100644
--- a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu
+++ b/vendor/nsjail/dockerfiles/Dockerfile.ubuntu
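Review bot: In `nsjail-user.sh`, the new `EXEC_BIN` and `EXEC_ARG` exports are not validated before `envsubst` pastes them, unescaped, into the config text (the `nsjail --config <(echo "$CONFIG" | envsubst)` line in the second hunk). A value containing `"` or a backslash ends or alters the quoted string in nsjail.cfg, so a malformed deployment variable can change jail settings instead of failing cleanly. Reject such values before the nsjail call, for example `case "$EXEC_BIN$EXEC_ARG" in *[\"\\]*) echo "EXEC_BIN/EXEC_ARG must not contain quotes or backslashes" >&2; exit 1;; esac`, and add a comment stating that these variables are trusted deployment input. The rest of the script lies outside the hunk.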
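Review bot: In `nsjail.cfg`, the added `arg: "$EXEC_ARG"` line is always present, so with the default empty `EXEC_ARG` the program would receive one empty-string argument where `/chal/pwn` previously received none. That is a behaviour change for existing challenges that look at `argc`. It is also a single `arg` entry, so a value such as `a b` reaches the program as one argument, while the README describes `EXEC_ARG` as "Arguments to supply to program". Either document that exactly one argument is supported, or have `nsjail-user.sh` emit one `arg:` line per argument and omit the line when `EXEC_ARG` is empty.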
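Review bot: In `Dockerfile.debian`, `FROM base as build` on the line after the first changed `FROM` still uses lowercase `as`, so keyword casing is now mixed within the file; change it to `FROM base AS build` here and on the same line of `Dockerfile.ubuntu`. Not changed by this commit but visible in the second hunk's context: `RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make` builds whatever the default branch holds at build time. Pinning it, for example `git -C /nsjail checkout <pinned-commit>` before `make`, would make the jail binary reproducible and reviewable.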
@@ -2,7 +2,7 @@ ARG UBUNTU_VERSION ARG LIBPROTOBUF_VERSION
-FROM ghcr.io/downunderctf/docker-vendor/bin-builder:ubuntu-$UBUNTU_VERSION as base
+FROM ghcr.io/downunderctf/docker-vendor/bin-builder:ubuntu-$UBUNTU_VERSION AS base
 FROM base as build
 ARG LIBPROTOBUF_VERSION
@@ -22,7 +22,7 @@ RUN apt-get update \
 # hadolint ignore=DL3003,DL3059
 RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make
-FROM ubuntu:$UBUNTU_VERSION as dist
+FROM ubuntu:$UBUNTU_VERSION AS dist
 ARG LIBPROTOBUF_VERSION
 RUN dpkg --add-architecture i386 \
 && apt-get update \