[gnome-shell] shellDBus: Use MetaContext:unsafe-mode to restrict Eval()
- From: Marge Bot <marge-bot src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-shell] shellDBus: Use MetaContext:unsafe-mode to restrict Eval()
- Date: Fri, 3 Sep 2021 21:44:30 +0000 (UTC)
commit 7298ee23e91b756c7009b4d7687dfd8673856f8b
Author: Florian Müllner <fmuellner gnome org>
Date: Thu Jun 17 01:50:50 2021 +0200
shellDBus: Use MetaContext:unsafe-mode to restrict Eval()
The Eval() method is unarguably the most sensitive D-Bus method
we expose, since it allows running arbitrary code in the compositor.
It is currently tied to the `development-tools` setting that is
enabled by default. As users have become accustomed to the built-in
commands that are enabled by the same setting (restart, lg, ...),
that default cannot easily be changed.
In order to restrict the method without affecting the rather harmless
commands, guard it by the new MetaContext:unsafe-mode property instead
of the setting.
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970>
js/ui/shellDBus.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/js/ui/shellDBus.js b/js/ui/shellDBus.js
index 6574cc5288..2f21ba41d7 100644
--- a/js/ui/shellDBus.js
+++ b/js/ui/shellDBus.js
@@ -54,7 +54,7 @@ var GnomeShell = class {
*
*/
Eval(code) {
- if (!global.settings.get_boolean('development-tools'))
+ if (!global.context.unsafe_mode)
return [false, ''];
let returnValue;
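Review bot: at the changed guard in Eval(), the refusal path still returns `[false, '']` with no log line and no D-Bus error, so a caller that worked under the default-enabled `development-tools` setting now gets a silent failure and has nothing in the reply that points at unsafe mode as the cause. Consider returning a distinct error, or at least logging the refused call, which would also leave a trace of attempts to reach this method while it is locked down. The doc comment that ends just above `Eval(code) {` is not touched by this hunk; it should state that the method now requires `MetaContext:unsafe-mode`.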