Re: Why gnome-shell disables the extensions when the screen is idle?

From: Jay Strict <jay strict posteo de>
To: Emmanuele Bassi <ebassi gmail com>, Juan Simón <decedion gmail com>
Cc: Gnome Mailing List <gnome-shell-list gnome org>
Subject: Re: Why gnome-shell disables the extensions when the screen is idle?
Date: Thu, 17 Mar 2016 20:56:04 +0100

On 17.03.2016 16:04, Emmanuele Bassi wrote:

But the worst is that it was a futile effort because when the screen is
idle, gnome-shell disables the extensions. Why?


It's a security measure.


Hmm, is that so?

Since an extension can do whatever it wants with the UI, it can also
read the user's credentials from the session unlock screen;
alternatively, it could take over the whole thing, and impersonate the
user.


Since an extension can do whatever it wants with the UI, it can also
simulate a fake session unlock screen and read the user's credentials
from there;
alternatively, it does not need to take over the user's session, because
it already runs as the user's UID and can spawn new processes as the
user with GLib.spawn_async().


There may be sound arguments for disabling extensions on session lock,
but I doubt that those reasons are security. But maybe I am missing a
point here?


Kind regards,
Jay

Follow-Ups:
- Re: Why gnome-shell disables the extensions when the screen is idle?
  - From: Jasper St. Pierre

References:
- Why gnome-shell disables the extensions when the screen is idle?
  - From: Juan Simón
- Re: Why gnome-shell disables the extensions when the screen is idle?
  - From: Emmanuele Bassi

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]