shellDBus: Use MetaContext:unsafe-mode to restrict Eval()
The Eval() method is unarguably the most sensitive D-Bus method we expose, since it allows running arbitrary code in the compositor. It is currently tied to the `development-tools` settings that is enabled by default. As users have become accustomed to the built-in commands that are enabled by the same setting (restart, lg, ...), that default cannot easily be changed. In order to restrict the method without affecting the rather harmless commands, guard it by the new MetaContext:unsafe-mode property instead of the setting. https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943 Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970>
This commit is contained in:
parent
3bee7c7f4b
commit
7298ee23e9
@ -54,7 +54,7 @@ var GnomeShell = class {
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
Eval(code) {
|
Eval(code) {
|
||||||
if (!global.settings.get_boolean('development-tools'))
|
if (!global.context.unsafe_mode)
|
||||||
return [false, ''];
|
return [false, ''];
|
||||||
|
|
||||||
let returnValue;
|
let returnValue;
|
||||||
|
Loading…
Reference in New Issue
Block a user