From 7f2c85310a1d115d4eb6b6b1ea9472cf343f9695 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Sat, 12 Feb 2011 20:55:12 -0700 Subject: [PATCH] Document UNM problems, add in new tanks scripts --- doc/problems.txt | 3 +-- packages/ctfbase/service/ctfd/ctfd | 5 ++++- packages/tanks/service/tanksd/run | 2 +- packages/tanks/service/tanksd/tanksd | 9 +++------ 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/doc/problems.txt b/doc/problems.txt index d9c458b..c5f3825 100644 --- a/doc/problems.txt +++ b/doc/problems.txt @@ -1,7 +1,6 @@ Bugs ==== -* claim.cgi not exiting (maybe fixed?) * We need some programs so that we never have to edit .db files directly. I truncated tokens.db with > instead of >>. * Get erin to edit net-re @@ -16,7 +15,7 @@ Bugs * can't squirrel away scores * All tanks fixes are in LABEL=VAR/fixes * Pwnables are generating new tokens way too quickly -* chroot jail is worthless +* chroot jail isn't secure under Linux (see man page) Physical diff --git a/packages/ctfbase/service/ctfd/ctfd b/packages/ctfbase/service/ctfd/ctfd index 84f2bc8..53c6871 100755 --- a/packages/ctfbase/service/ctfd/ctfd +++ b/packages/ctfbase/service/ctfd/ctfd @@ -14,7 +14,10 @@ while true; do done # Fetch list of teams - wget -q -P /var/lib/ctf http://10.0.0.2/teams.txt & + teams=/var/lib/ctf/teams.txt + rm -f $teams.tmp + wget -q -O $teams.tmp http://10.0.0.2/teams.txt && \ + mv $teams.tmp $teams # Archive state state=/var/www/state.tar.gz.rc4 diff --git a/packages/tanks/service/tanksd/run b/packages/tanks/service/tanksd/run index 3abce47..c13e10f 100755 --- a/packages/tanks/service/tanksd/run +++ b/packages/tanks/service/tanksd/run @@ -8,5 +8,5 @@ ln -sf summary.html /var/www/tanks/index.html install -o ctf -d /var/lib/ctf/tanks/players -PATH=/bin:/opt/ctfbase/bin; export PATH +PATH=/bin:/opt/ctfbase/bin:/opt/tanks/bin; export PATH exec ./tanksd 
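Review bot: The team-list fetch in packages/ctfbase/service/ctfd/ctfd used to run in the background (`&`) and now runs in the foreground with no timeout, so an unresponsive 10.0.0.2 stalls the rest of the loop iteration, including the state archive that follows. A timeout bounds that, for example `wget -q -T 10 -O "$teams.tmp" http://10.0.0.2/teams.txt && mv "$teams.tmp" "$teams"`, and quoting `$teams` keeps the `rm -f` and `mv` safe if the path ever changes. The list is fetched over plain HTTP and installed with no check beyond wget's exit status; testing `[ -s "$teams.tmp" ]` before the `mv` would at least stop an empty response from replacing a good list. The `while true` loop this code belongs to starts and ends outside the hunk.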
diff --git a/packages/tanks/service/tanksd/tanksd b/packages/tanks/service/tanksd/tanksd index 4ac425b..9502db9 100755 --- a/packages/tanks/service/tanksd/tanksd +++ b/packages/tanks/service/tanksd/tanksd @@ -100,15 +100,12 @@ EOF EOF # Get a token and add it to the redemption log - nc 10.0.0.2 1 -e /opt/tokens/bin/tokencli tanks ./category.key 3> $tfn + nc 10.0.0.2 1 -e /opt/ctfbase/bin/tokencli tanks ./category.key 3> $tfn k=$(cat $tfn) - /opt/tanks/bin/winners.awk $rfn | while read winner; do + winner.awk $rfn | while read winner; do hash=$(basename $winner) echo "Round $next winner: $hash" - - # Squirrel it away just in case - cat $tfn >> $winner/tokens - + # XXX: pull this out into another daemon # XXX: this puts the token in /proc/self/cmdline wget -q -s "http://10.0.0.2/claim.cgi?t=$hash&k=$k"
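Review bot: The helper in tanksd is now called as `winner.awk`, while the line it replaces called `/opt/tanks/bin/winners.awk`. If the installed script kept the plural name, the lookup fails and the `while read winner` loop simply gets no input, so no round winner is claimed and nothing reports the failure. Because the helper is now resolved through PATH (extended in the `run` script), /opt/tanks/bin and the directories ahead of it should not be writable by any account less privileged than the service. The token fetch on the changed `nc` line is also unchecked: `k=$(cat $tfn)` can be empty when 10.0.0.2 is unreachable, and the claim request is still sent, so test `[ -n "$k" ]` before the pipeline and skip the claim when it fails. The enclosing code starts above the hunk and may continue below it.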