redpwn / jail

An nsjail Docker image for CTF pwnables. Easily create secure, isolated xinetd/inetd-style services.
BSD 3-Clause "New" or "Revised" License

support half-closes #6

Open ethanwu10 opened 3 years ago

ethanwu10 commented 3 years ago

When one side (typically the client) half-closes the TCP stream to send an EOF to the other side, the connection is immediately terminated instead of allowing communications to continue for a short period. This behavior is sometimes used for signalling, especially if it is intentional for the program being hosted in the jail to only process after the EOF (e.g. sort), and thus is not compatible with the current implementation of redpwn/jail.

Currently, in the jail proxy server for PoW, whenever one end of the socket reaches EOF, the entire socket is then close()d, which likely breaks half-closes at the proxy server. In addition, nsjail also immediately kills the process when the connection is half-closed, breaking half-close when jail is operating without a PoW in exec mode. We will need a patch to nsjail first to either disable the behavior or trigger the kill after a short delay.
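To make the half-close problem concrete, here is an added example written for this page; it is not redpwn/jail's proxy code or nsjail code. It is a minimal single-threaded TCP relay in Python with a switch between the two behaviours the comment above contrasts: forwarding a peer's EOF as `shutdown(SHUT_WR)` on the other socket and only closing once both directions have hit EOF, versus closing everything on the first EOF. The `sort`-like service and the sample input lines are constructed stand-ins, and `run_demo`, `relay` and `sort_service` are names chosen for this example.

```python
import select
import socket
import threading


def relay(client, upstream, forward_half_close=True):
    """Relay bytes between two sockets.

    With forward_half_close=True an EOF read from one side is forwarded to
    the other side as shutdown(SHUT_WR), so the peer sees EOF on its read
    side but can still write its reply back.  Both sockets are closed only
    after *both* directions have reached EOF.  With forward_half_close=False
    the relay reproduces the behaviour described in the issue: the first EOF
    tears the whole connection down.
    """
    peer = {client: upstream, upstream: client}
    open_reads = {client, upstream}
    while open_reads:
        readable, _, _ = select.select(list(open_reads), [], [])
        for src in readable:
            dst = peer[src]
            try:
                data = src.recv(4096)
            except OSError:
                data = b""
            if data:
                try:
                    dst.sendall(data)
                except OSError:
                    data = b""  # peer went away; treat as EOF
            if not data:
                open_reads.discard(src)
                if forward_half_close:
                    try:
                        dst.shutdown(socket.SHUT_WR)  # propagate EOF only
                    except OSError:
                        pass
                else:
                    open_reads.clear()  # bug behaviour: stop relaying at once
                    break
    client.close()
    upstream.close()


def sort_service(conn):
    """Constructed stand-in for a jailed program such as `sort`: it only
    produces output after it has seen EOF on stdin."""
    buf = b""
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    reply = b"".join(line + b"\n" for line in sorted(buf.splitlines()))
    try:
        conn.sendall(reply)
    except OSError:
        pass  # relay already closed on us (the broken case)
    conn.close()


def run_demo(lines, forward_half_close=True):
    """Run service, relay and client on loopback; return what the client
    reads after half-closing its side of the connection."""
    svc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    svc.bind(("127.0.0.1", 0))
    svc.listen(1)
    prx = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    prx.bind(("127.0.0.1", 0))
    prx.listen(1)

    def serve():
        conn, _ = svc.accept()
        sort_service(conn)

    def proxy():
        conn, _ = prx.accept()
        up = socket.create_connection(svc.getsockname())
        relay(conn, up, forward_half_close)

    threads = [threading.Thread(target=serve), threading.Thread(target=proxy)]
    for t in threads:
        t.start()

    client = socket.create_connection(prx.getsockname())
    client.sendall(b"".join(line + b"\n" for line in lines))
    client.shutdown(socket.SHUT_WR)  # half-close: "that was all my input"
    out = b""
    try:
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            out += chunk
    except OSError:
        pass  # connection reset by a relay that closed too early
    client.close()
    for t in threads:
        t.join()
    svc.close()
    prx.close()
    return out


if __name__ == "__main__":
    sample = [b"pear", b"apple", b"fig"]  # constructed input
    print(run_demo(sample))                       # sorted reply comes back
    print(run_demo(sample, forward_half_close=False))  # b'': reply is lost
```

The point of the select loop is that EOF is tracked per direction: a read-side EOF removes only that socket from the readable set and is translated into a write-side shutdown on the opposite socket, and `close()` is deferred until the set is empty. This addresses only the proxy half of the issue; a jailed process that nsjail kills on half-close would still need the nsjail change the comment describes.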

DeadPackets commented 4 days ago

I fully support this enhancement. We heavily rely on this jail for our CTFs, and we regularly package web challenges inside it. It is extremely painful to have to work with web challenges that restart the entire environment on every connection, so having half-closes would be absolutely great for this use-case.