You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When one side (typically the client) half-closes the TCP stream to send an EOF to the other side, the connection is immediately terminated instead of allowing communications to continue for a short period. This behavior is sometimes used for signalling, especially if it is intentional for the program being hosted in the jail to only process after the EOF (e.g. sort), and thus is not compatible with the current implementation of redpwn/jail
Currently, in the jail proxy server for PoW, whenever one end of the socket reaches EOF, the entire socket is then close()d, which likely breaks half-closes at the proxy server.
In addition, nsjail also immediately kills the process when the connection is half-closed, breaking half-close when jail is operating without a PoW in exec mode. We will need a patch to nsjail first to either disable the behavior or trigger the kill after a short delay.
The text was updated successfully, but these errors were encountered:
I fully support this enhancement. We heavily rely on this jail for our CTFs, and we regularly package web challenges inside it. It is extremely painful to have to work with web challenges that restart the entire environment on every connection, so having half-closes would be absolutely great for this use-case.
When one side (typically the client) half-closes the TCP stream to send an EOF to the other side, the connection is immediately terminated instead of allowing communications to continue for a short period. This behavior is sometimes used for signalling, especially if it is intentional for the program being hosted in the jail to only process after the EOF (e.g.
sort
), and thus is not compatible with the current implementation of redpwn/jailCurrently, in the jail proxy server for PoW, whenever one end of the socket reaches EOF, the entire socket is then
close()
d, which likely breaks half-closes at the proxy server.In addition, nsjail also immediately kills the process when the connection is half-closed, breaking half-close when jail is operating without a PoW in exec mode. We will need a patch to nsjail first to either disable the behavior or trigger the kill after a short delay.
The text was updated successfully, but these errors were encountered: