[Rseding91] [1.0.0] game.server_save can write to paths outside the save directory

This subforum contains all the issues which we already resolved.
Post Reply
Copy link
User avatar
Shados
Burner Inserter
Burner Inserter
Posts: 8
Joined: Sat Mar 05, 2016 11:08 am
Contact:
Contact Shados

[Rseding91] [1.0.0] game.server_save can write to paths outside the save directory

Post by Shados »

`game.server_save` will happily accept full paths to write to, not simply filenames. It works with both absolute (e.g. /tmp/save, C:\save) and relative paths that lead outside the save directory (e.g. ../save). The save process automatically appends .zip to the final path, limiting its potential impact, but maliciously-crafted mods could still abuse it to nuke arbitrary .zip files on computers hosting multiplayer games.
Top
Rseding91
Factorio Staff
Factorio Staff
Posts: 14152
Joined: Wed Jun 11, 2014 5:23 am
Contact:
Contact Rseding91

Re: [1.0.0] game.server_save can write to paths outside the save directory

Post by Rseding91 »

Thanks for the report. It's now fixed for the next release.
If you want to get ahold of me I'm almost always on Discord.
Top
Post Reply

Return to “Resolved Problems and Bugs”