Page MenuHomeFeedback Tracker

Major security issue with #include
Assigned, WishlistPublic


With Arma 3 version 1.50 the #include preprocessor command can read files from any number of parent directories up to root*. That way an unpacked mission could access any file stored on the machine.
This is a major security issue, because it's possible to copy stuff like memory dumps or browser passwords.

Below is an example on how to access and copy the "C:/Windows/system.ini" file.

*Apperently this only applies to unpacked missions in the documents folder. It should however always be impossible to access files outside of the game folders. This limitation seems to work for packed missions and addons, but not unpacked missions.

Edited. {F26872}


Legacy ID
Steps To Reproduce
  1. Create mission with this init.sqf:

diag_log text preprocessFileLineNumbers 'hack.sqf';

  1. Create a file named hack.sqf:

#include "..\..\..\..\..\..\..\Windows\system.ini"

Additional Information

Noubernou posted this thread on reddit warning players about this exploit:

Event Timeline

commy2 edited Steps To Reproduce. (Show Details)Aug 28 2015, 11:33 PM
commy2 edited Additional Information. (Show Details)
commy2 set Category to Other.
commy2 set Reproducibility to Always.
commy2 set Severity to None.
commy2 set Resolution to Open.
commy2 set Legacy ID to 885416224.May 8 2016, 12:35 PM
commy2 edited a custom field.
dedmen added a subscriber: dedmen.Mar 31 2020, 2:12 PM

Should be fixed by disabling filePatching by default