更新权限限制，以及脚本自删除

CTF-Archives · Sep 30, 2023 · 1b9ccae · 1b9ccae
1 parent 88b327d
commit 1b9ccae
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 10 deletions.
diff --git a/crypto-python_3.10-no_socket/Dockerfile b/crypto-python_3.10-no_socket/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.10.12-slim-bullseye
+FROM python:3.10.13-slim-bullseye
 
 # 制作者信息
 LABEL auther_template="CTF-Archives"
@@ -16,13 +16,18 @@ RUN apt-get install -y socat
 RUN python3 -m pip install -i https://pypi.tuna.tsinghua.edu.cn/simple \
     pycryptodome 
 
-# 拷贝源码和启动脚本至根目录
+# 拷贝源码和启动脚本至对应目录
 COPY ./src/ /app
-COPY ./service/docker-entrypoint.sh /docker-entrypoint.sh
-RUN chmod +x /docker-entrypoint.sh
+COPY ./service/docker-entrypoint.sh /app/docker-entrypoint.sh
+RUN chmod +x /app/docker-entrypoint.sh
+
+# 新建用户，并进行账户改变
+RUN useradd -m ctf
+RUN chown ctf:ctf /app
+USER ctf
 
 # [可选]指定对外暴露端口，对于GZCTF等平台，强制EXPOSE可能会造成非预期端口泄露，请酌情启用
 # EXPOSE 9999
 
 # 指定容器入口点
-ENTRYPOINT ["/bin/bash","/docker-entrypoint.sh"]
+ENTRYPOINT ["/bin/bash","/app/docker-entrypoint.sh"]
diff --git a/crypto-python_3.10-no_socket/service/docker-entrypoint.sh b/crypto-python_3.10-no_socket/service/docker-entrypoint.sh
@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# 删除启动脚本，以防非预期
+rm -f /app/docker-entrypoint.sh
+
 # 通过socat转发Python会话
 # TCP4-LISTEN:9999 服务将会转发到9999端口
 # reuseaddr 启用端口复用，便于多用户同时连接同一个端口

diff --git a/crypto-python_3.8-no_socket/Dockerfile b/crypto-python_3.8-no_socket/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.8.17-slim-bullseye
+FROM python:3.8.18-slim-bullseye
 
 # 制作者信息
 LABEL auther_template="CTF-Archives"
@@ -16,13 +16,18 @@ RUN apt-get install -y socat
 RUN python3 -m pip install -i https://pypi.tuna.tsinghua.edu.cn/simple \
     pycryptodome 
 
-# 拷贝源码和启动脚本至根目录
+# 拷贝源码和启动脚本至对应目录
 COPY ./src/ /app
-COPY ./service/docker-entrypoint.sh /docker-entrypoint.sh
-RUN chmod +x /docker-entrypoint.sh
+COPY ./service/docker-entrypoint.sh /app/docker-entrypoint.sh
+RUN chmod +x /app/docker-entrypoint.sh
+
+# 新建用户，并进行账户改变
+RUN useradd -m ctf
+RUN chown ctf:ctf /app
+USER ctf
 
 # [可选]指定对外暴露端口，对于GZCTF等平台，强制EXPOSE可能会造成非预期端口泄露，请酌情启用
 # EXPOSE 9999
 
 # 指定容器入口点
-ENTRYPOINT ["/bin/bash","/docker-entrypoint.sh"]
+ENTRYPOINT ["/bin/bash","/app/docker-entrypoint.sh"]
diff --git a/crypto-python_3.8-no_socket/service/docker-entrypoint.sh b/crypto-python_3.8-no_socket/service/docker-entrypoint.sh
@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# 删除启动脚本，以防非预期
+rm -f /app/docker-entrypoint.sh
+
 # 通过socat转发Python会话
 # TCP4-LISTEN:9999 服务将会转发到9999端口
 # reuseaddr 启用端口复用，便于多用户同时连接同一个端口