# NOTE: This hash is pinned to avoid version and environment differences.
FROM ubuntu:22.04@sha256:3ba65aa20f86a0fad9df2b2c259c613df006b2e6d0bfcc8a146afb8c525a9751

RUN apt update && \
    apt install -y xinetd libseccomp-dev && \
    useradd -m pwn

WORKDIR /home/pwn

RUN cat > /usr/local/bin/run_chall << 'EOF' && chmod 755 /usr/local/bin/run_chall
#!/bin/sh
exec /usr/bin/timeout 180 /usr/bin/stdbuf -o0 -i0 /home/pwn/chall 2>/dev/null
EOF

RUN cat > /etc/xinetd.d/pwn << 'EOF' && chmod 444 /etc/xinetd.d/pwn
service pwn
{
  type           = UNLISTED
  disable        = no
  socket_type    = stream
  protocol       = tcp
  wait           = no
  user           = root
  bind           = 0.0.0.0
  port           = 1337
  server         = /usr/local/bin/run_chall
}
EOF

COPY chall .
COPY flag.txt .

RUN chown -R root:root /home/pwn && \
    chmod 755 /home/pwn && \
    chmod 755 /home/pwn/chall && \
    chmod 644 /home/pwn/flag.txt

EXPOSE 1337

CMD ["xinetd", "-dontfork"]
