# NOTE: This hash is pinned to avoid version and environment differences.
FROM ubuntu:22.04@sha256:ce4a593b4e323dcc3dd728e397e0a866a1bf516a1b7c31d6aa06991baec4f2e0

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get -y update && \
    apt-get -y install xinetd && \
    rm -rf /var/lib/apt/lists/* && \
    groupadd -r pwn && \
    useradd -r -g pwn -d /home/pwn pwn

RUN cat > /etc/xinetd.d/pwn << 'EOF' && chmod 444 /etc/xinetd.d/pwn
service pwn
{
  type           = UNLISTED
  disable        = no
  socket_type    = stream
  protocol       = tcp
  wait           = no
  user           = pwn
  bind           = 0.0.0.0
  port           = 9999
  server         = /usr/bin/timeout
  server_args    = 180 /home/pwn/chall
}
EOF

WORKDIR /home/pwn
COPY --chmod=550 chal chall
COPY --chmod=444 flag.txt /flag.txt
RUN mv /flag.txt /flag-$(md5sum /flag.txt | awk '{print $1}').txt
RUN chmod 1733 /tmp /var/tmp /dev/shm && \
    chown -R root:pwn /home/pwn

EXPOSE 9999
CMD ["xinetd", "-dontfork"]
