google / kctf

kCTF is a Kubernetes-based infrastructure for CTF competitions. For documentation, see
https://google.github.io/kctf/
Apache License 2.0

Host-built sample challenge not guaranteed to work in challenge container #384

Open gkelly opened 2 years ago

gkelly commented 2 years ago

In the local testing walkthrough there's an instruction to build the challenge binary using the host toolchain:

make -C challenge

However, my Ubuntu 22.04 host builds a binary with a different glibc version requirement and this results in the challenge not running in the container:

[I][2022-08-20T20:44:18+0000] Executing '/home/user/chal' for '[STANDALONE MODE]'
/home/user/chal: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /home/user/chal)

sroettger commented 2 years ago

Yeah, for the GoogleCTF we solved this by building all challenge binaries in a Dockerfile themselves: https://github.com/google/google-ctf/blob/master/2021/quals/kctf/challenge-templates/pwn/challenge/Makefile

We should probably upstream that change. The original motivation for it was to allow anyone to rebuild all challenge binaries without depending on certain packages on the host.

sroettger commented 2 years ago

@sirdarckcat wdyt?

sirdarckcat commented 2 years ago

I feel it's a little bit weird it's in a Makefile though (I would expect the Makefile to be called within the Dockerfile, not the other way around).

We had some ideas about making all attachments "scratch" docker images iirc? Although I don't remember how we were planning to reference them
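
An added example, not part of the thread or the kCTF project: a pre-deploy check for the `GLIBC_2.34' not found` failure reported in the first comment. It reads `objdump -T` output for the challenge binary and fails when the newest `GLIBC_x.y` symbol version the binary needs is newer than the container's glibc. The function names, the sample symbol table, and the container version 2.31 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `objdump -T ./chal` output (not taken from the issue).
sample_dynsyms() {
cat <<'EOF'
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.2.5) puts
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.34) __libc_start_main
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.4) __stack_chk_fail
0000000000000000  w   D  *UND*  0000000000000000  Base        __gmon_start__
EOF
}

# Print the highest GLIBC_x.y version tag found in `objdump -T` output on stdin.
# Non-numeric tags such as GLIBC_PRIVATE are ignored. Prints nothing if none.
max_glibc_required() {
  { grep -o 'GLIBC_[0-9][0-9.]*' || true; } \
    | sed 's/^GLIBC_//' | sort -uV | tail -n 1
}

# Succeed if version $1 <= version $2 (uses GNU sort -V for version ordering).
version_le() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Usage: objdump -T challenge/chal | check_glibc_compat <container glibc version>
# The container's version can be read by running `ldd --version` inside it.
check_glibc_compat() {
  cgc_have="$1"
  cgc_need="$(max_glibc_required)"
  if [ -z "$cgc_need" ]; then
    echo "ok: no versioned glibc symbols (static or non-glibc binary)"
    return 0
  fi
  if version_le "$cgc_need" "$cgc_have"; then
    echo "ok: binary needs GLIBC_$cgc_need, container provides $cgc_have"
  else
    echo "FAIL: binary needs GLIBC_$cgc_need, container provides $cgc_have"
    return 1
  fi
}
```

Run against the sample with an assumed container glibc of 2.31, the check fails on `GLIBC_2.34`, which is the mismatch a host build on a newer distribution produces.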