Host-built sample challenge not guaranteed to work in challenge container

Question

Host-built sample challenge not guaranteed to work in challenge container

gkelly opened this issue 2 years ago · 3 comments

In the local testing walkthrough there's an instruction to build the challenge binary using the host toolchain:

make -C challenge

However, my Ubuntu 22.04 host builds a binary with a different glibc version requirement and this results in the challenge not running in the container:

[I][2022-08-20T20:44:18+0000] Executing '/home/user/chal' for '[STANDALONE MODE]'
/home/user/chal: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /home/user/chal)

Answer 1 · 2022-08-22T07:58:07.000Z

Yeah, for the GoogleCTF we solved this by building all challenge binaries in a Dockerfile themselves:
https://github.com/google/google-ctf/blob/master/2021/quals/kctf/challenge-templates/pwn/challenge/Makefile

We should probably upstream that change. The original motivation for it was to allow anyone to rebuild all challenge binaries without depending on certain packages on the host.

Answer 2 · 2022-08-22T07:58:19.000Z

@sirdarckcat wdyt?

Answer 3 · 2022-08-22T11:44:04.000Z

I feel it's a little bit weird it's in a Makefile though (I would expect the Makefile to be called within the Dockerfile, not the other way around).

We had some ideas about making all attachments "scratch" docker images iirc? Although I don't remember how we were planning to reference them