Re: Why gnome-shell disables the extensions when the screen is idle?

From: "Jasper St. Pierre" <jstpierre mecheye net>
To: Jay Strict <jay strict posteo de>
Cc: Gnome Mailing List <gnome-shell-list gnome org>
Subject: Re: Why gnome-shell disables the extensions when the screen is idle?
Date: Thu, 17 Mar 2016 13:16:33 -0700

The main reason wasn't actually security -- an extension can simply
have a dummy disable() function if it wants. The main reason was that
a lot of the extensions simply weren't designed for the lock screen in
mind. The initial set of extensions that were uploaded were things
like a new Apps Menu, or a Bottom Panel, or a custom status icon and
top bar button.

These extensions didn't handle the case when the screen was locked,
and exposing the top bar button during that time would have been a
major information leak. It also seems like an easy thing to miss as an
extension author, so I didn't want to risk it.

It might be possible to extend the extension metadata format to
support a new "handlesLockScreen" key and not turn it off when that
happens.

On Thu, Mar 17, 2016 at 12:56 PM, Jay Strict <jay strict posteo de> wrote:

On 17.03.2016 16:04, Emmanuele Bassi wrote:

But the worst is that it was a futile effort because when the screen is
idle, gnome-shell disables the extensions. Why?


It's a security measure.


Hmm, is that so?

Since an extension can do whatever it wants with the UI, it can also
read the user's credentials from the session unlock screen;
alternatively, it could take over the whole thing, and impersonate the
user.


Since an extension can do whatever it wants with the UI, it can also
simulate a fake session unlock screen and read the user's credentials
from there;
alternatively, it does not need to take over the user's session, because
it already runs as the user's UID and can spawn new processes as the
user with GLib.spawn_async().


There may be sound arguments for disabling extensions on session lock,
but I doubt that those reasons are security. But maybe I am missing a
point here?


Kind regards,
Jay
_______________________________________________
gnome-shell-list mailing list
gnome-shell-list gnome org
https://mail.gnome.org/mailman/listinfo/gnome-shell-list




-- 
  Jasper

Follow-Ups:
- Re: Why gnome-shell disables the extensions when the screen is idle?
  - From: Juan Simón

References:
- Why gnome-shell disables the extensions when the screen is idle?
  - From: Juan Simón
- Re: Why gnome-shell disables the extensions when the screen is idle?
  - From: Emmanuele Bassi
- Re: Why gnome-shell disables the extensions when the screen is idle?
  - From: Jay Strict

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]