FlashGot executable in userprofile
Posted: Thu Oct 09, 2014 9:49 pm
Just a quick note to say that a user of http://sf.net/projects/softwarepolicy pointed out to me that Firefox causes a security policy violation warning when this add-on is launched. It seems that FlashGot tries to launch an executable, FlashGot.exe, in the user's AppData profile folder. This executable doesn't seem to be part of the FlashGot installation process; rather, it is 'dropped' from the FlashGot chrome every time the add-on is started.
Software Policy quite rightly blocks the launch of executables in the user's various browser-data folders, since the most likely source of such an exe would be a drive-by download from a hacked site. We could adjust Software Policy to make an exception in this one case, but I would rather we didn't, since doing so would weaken security against drive-bys.
The surprising thing is that FlashGot still works even if a Deny Execute flag is set on this executable (and the Task Manager was checked to confirm it wasn't running from anywhere else). So, I'm not sure what purpose it serves, anyway.
Any thoughts or suggestions on this are welcome. Since FlashGot is very popular we'd like to accommodate it without security messages arising, but would need to do so without allowing other processes to similarly 'drop' executables which might not have so friendly a purpose.