From e02d732d7cf06dd44007a7f0a0cb319acbacad97 Mon Sep 17 00:00:00 2001 From: Gwyneth Pena-Siguenza Date: Thu, 22 Jan 2026 14:00:27 -0500 Subject: [PATCH] fix: prevent flag leak in terraform output during provisioning Add guard to monitor_directory.sh to wait for setup_complete before starting inotifywait. Also adds 10s delay to ensure SSH session disconnects before monitoring begins.
---
 ctf_setup.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ctf_setup.sh b/ctf_setup.sh
index a1c4961..a46b04d 100644
--- a/ctf_setup.sh
+++ b/ctf_setup.sh
@@ -594,6 +594,11 @@ cat > /usr/local/bin/monitor_directory.sh << 'EOF'
 #!/bin/bash
 DIRECTORY="/home/ctf_user/ctf_challenges"
 FLAG=$(cat /etc/ctf/flag_10)
+# Wait for setup to complete before monitoring to avoid leaking flags during provisioning
+while [ ! -f /var/log/setup_complete ]; do
+ sleep 5
+done
+sleep 10
 # Pre-create the trigger file location
 touch /tmp/.ctf_upload_triggered 2>/dev/null || true
 chmod 666 /tmp/.ctf_upload_triggered 2>/dev/null || true
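Review bot: The new wait loop sits after `FLAG=$(cat /etc/ctf/flag_10)`, so the flag is still read while provisioning may be in progress; if the monitor can start before that file is written, FLAG stays empty for the life of the process and the guard does not help. Moving the read below the guard, so that `sleep 10` is followed by `FLAG=$(cat /etc/ctf/flag_10)`, keeps the value consistent with the completed setup. The loop also has no upper bound and logs nothing, so a provisioning failure that never creates `/var/log/setup_complete` leaves the monitor silently idle; a bounded retry count with a message to stderr would make that visible. The fixed `sleep 10` is a timing assumption about the SSH session rather than a check, and the comment should say so, for example `# Grace period: assumes the provisioning SSH session closes within 10s`. The heredoc body starts above this hunk and continues below it, so how FLAG is used later is not visible here.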