setuid root binary fixes
@@ -2,16 +2,45 @@
|
||||
# -- Modules calling this function must provide a Makefile and any .c files within it's <module_name>/files directory
|
||||
|
||||
define secgen_functions::install_setuid_root_binary (
|
||||
$challenge_name, # Challenge name, used for the wrapper-directory
|
||||
$source_module_name, # Name of the module that calls this function
|
||||
$gcc_output_binary_name, # Temporary name of the binary output by gcc when when /bin/make runs the Makefile
|
||||
$challenge_binary_name, # Renamed binary on copy to challenge directory, could differ from above
|
||||
$storage_directory, # Storage directory
|
||||
$account, # User account (leak here if $storage_directory is not supplied)
|
||||
$flag, # ctf flag string
|
||||
$storage_dir = [''], # Optional: Storage directory (takes precedent if supplied, e.g. nfs / smb share dir)
|
||||
$strings_to_leak = [''], # Optional: strings to leak (could contain instructions or a message)
|
||||
) {
|
||||
|
||||
# Use either storage directory or account's home directory. storage_directory takes precedent
|
||||
if $storage_dir[0] != '' {
|
||||
$storage_directory = $storage_dir[0]
|
||||
$leaked_filenames = ["$challenge_name-instructions"]
|
||||
} elsif $account {
|
||||
$username = $account['username']
|
||||
$storage_directory = "/home/$username"
|
||||
$leaked_filenames = $account['leaked_filenames']
|
||||
|
||||
::accounts::user { $username:
|
||||
shell => '/bin/bash',
|
||||
password => pw_hash($account['password'], 'SHA-512', 'mysalt'),
|
||||
managehome => true,
|
||||
home_mode => '0755',
|
||||
}
|
||||
} else {
|
||||
err('dc16_amadhj::install: Either storage_directory or account is required')
|
||||
fail
|
||||
}
|
||||
|
||||
$compile_directory = "$storage_directory/tmp"
|
||||
$challenge_directory = "$storage_directory/$challenge_name"
|
||||
$modules_source = "puppet:///modules/$source_module_name"
|
||||
|
||||
# Create challenge directory
|
||||
file { $challenge_directory:
|
||||
ensure => directory,
|
||||
}
|
||||
|
||||
# Move contents of the module's files directory into compile directory
|
||||
file { $compile_directory:
|
||||
ensure => directory,
|
||||
@@ -24,10 +53,11 @@ define secgen_functions::install_setuid_root_binary (
|
||||
exec { "gcc_$gcc_output_binary_name-$compile_directory":
|
||||
cwd => $compile_directory,
|
||||
command => "/usr/bin/make",
|
||||
require => File[$challenge_directory, $compile_directory]
|
||||
}
|
||||
|
||||
# Move the compiled binary into the storage directory
|
||||
file { "$storage_directory/$challenge_binary_name":
|
||||
# Move the compiled binary into the challenge directory
|
||||
file { "$challenge_directory/$challenge_binary_name":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
@@ -37,7 +67,7 @@ define secgen_functions::install_setuid_root_binary (
|
||||
}
|
||||
|
||||
# Drop the flag file on the box and set permissions
|
||||
file { "$storage_directory/flag":
|
||||
file { "$challenge_directory/flag":
|
||||
ensure => present,
|
||||
content => $flag,
|
||||
mode => '0600',
|
||||
@@ -47,6 +77,14 @@ define secgen_functions::install_setuid_root_binary (
|
||||
# Remove compile directory
|
||||
exec { "remove_$compile_directory":
|
||||
command => "/bin/rm -rf $compile_directory",
|
||||
require => File["$storage_directory/$challenge_binary_name", "$storage_directory/flag"]
|
||||
require => File["$challenge_directory/$challenge_binary_name", "$challenge_directory/flag"]
|
||||
}
|
||||
|
||||
# Leak messages / instructions in a text file in the storage directory / home directory
|
||||
::secgen_functions::leak_files { "$challenge_directory-strings_to_leak":
|
||||
storage_directory => $challenge_directory,
|
||||
leaked_filenames => $leaked_filenames,
|
||||
strings_to_leak => $strings_to_leak,
|
||||
leaked_from => $source_module_name,
|
||||
}
|
||||
}
|
||||
|
||||
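Review bot: The `::accounts::user` resource in the first hunk hashes the account password with a literal salt, `pw_hash($account['password'], 'SHA-512', 'mysalt')`, so every account created through this define shares one salt and identical passwords produce identical hashes on every system built from it. Unless a predictable hash is intended for the scenario, take the salt from the account data or derive one per account, e.g. `pw_hash($account['password'], 'SHA-512', fqdn_rand_string(16, '', $username))`. The failure branch in the same hunk logs `dc16_amadhj::install: ...`, which looks copied from another module; naming this define in the message (`secgen_functions::install_setuid_root_binary: ...`) and passing it to `fail(...)` would make a misconfigured caller easier to trace. The +/- markers are lost on this page, so which of these lines are newly added is inferred from the hunk sizes.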