[0.12.24] [posila] Updater not dropping privilege

Post by AyrA »

The Factorio updater runs with administrative permissions.

First of all, this is not needed in the zip version. If possible, it would be great to change it so that administrative permissions are only required if the update fails due to actual permission errors (usually error code 5 for file I/O).

The second problem is somewhat bigger. After the update has been done, privileges are not dropped and Factorio runs in administrative mode. This leaves open vulnerabilities:
  • If the Factorio server is compromised and delivers malicious code, it has full system access.
  • In case of game crashes or malicious mods, damage beyond the user account scope can be done.
The problem can be solved by dropping the privilege once it is no longer needed. See here for how to.

posila
Factorio Staff

Post by posila »

Hi, thanks for the report.
This was brought to our attention before: viewtopic.php?f=58&t=16774 and we decided it is best not to mess with the updater right now.

Currently the update is done in two stages - 1) Factorio downloads the update package and unpacks it into a temp directory; 2) the second stage is launched from the temp directory, it overwrites the main directory and launches Factorio with a parameter saying the update is finished, so Factorio will clear the temp directory.
Stage 2 is what runs in elevated mode. The best practice would be to have one extra stage: stage 2 would not be elevated and it would launch stage 3 with elevated rights for copying files, wait until stage 3 is done and then launch Factorio with the original rights (without needing to explicitly drop them).

But running with administrator rights when updating the zip version is a bug. That should be fixed for the next version (so the update to 0.12.25 will still ask for elevated rights, but the next one should not).

So, people concerned with Factorio running malicious mods can use the zip or Steam version for now.
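
The three-stage flow described in the reply above, combined with the report's request to elevate only on a permission error, written in PowerShell as an added example. It is not Factorio's updater code and not part of either post; the paths, the executable location and the `-Stage3` switch are assumptions.

```powershell
# Added illustration. All paths and the -Stage3 switch are hypothetical.
param(
    [string]$StagingDir = "$env:TEMP\factorio-update",  # unpacked update package (assumed)
    [string]$InstallDir = 'C:\Games\Factorio',           # install directory (assumed)
    [switch]$Stage3                                      # set only on the elevated re-launch
)

function Copy-Update {
    # Overwrite the install directory with the staged files.
    # -ErrorAction Stop turns "access denied" into a catchable exception.
    Copy-Item -Path (Join-Path $StagingDir '*') -Destination $InstallDir `
              -Recurse -Force -ErrorAction Stop
}

if ($Stage3) {
    # Stage 3: elevated. It copies files and exits; it never starts the game.
    try   { Copy-Update; exit 0 }
    catch { exit 1 }
}

# Stage 2: runs with the user's own (non-elevated) token.
try {
    # A zip install in a user-writable directory succeeds here without elevation.
    Copy-Update
}
catch [System.UnauthorizedAccessException] {
    # Permission error (Win32 error 5): elevate the copy step only.
    $stage3Args = "-NoProfile -File `"$PSCommandPath`" " +
                  "-StagingDir `"$StagingDir`" -InstallDir `"$InstallDir`" -Stage3"
    # -Verb RunAs raises the UAC prompt; -Wait blocks until stage 3 has exited.
    $p = Start-Process -FilePath 'powershell.exe' -ArgumentList $stage3Args `
                       -Verb RunAs -Wait -PassThru -ErrorAction Stop
    if ($p.ExitCode -ne 0) {
        throw "Elevated copy failed with exit code $($p.ExitCode)"
    }
}

# The game is started from the non-elevated stage 2, so it inherits the
# user's original token and nothing has to drop privileges afterwards.
# (The real updater also passes a parameter saying the update is finished;
# the thread does not name it, so it is omitted here.)
Start-Process -FilePath (Join-Path $InstallDir 'bin\x64\factorio.exe')
```

Because stage 3 runs elevated on files that were staged in a user-writable directory, it should verify the staged package before copying it.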
