Jerry/eval-gjs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update README.md, add warning

Browse source
This commit is contained in:
Tamado Ramot Sitohang 2023-09-17 22:08:39 +07:00 committed by GitHub
parent dd0d825f40
commit 7e708dc871
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -1,3 +1,9 @@
# POTENTIAL SECURITY BREACH
This extension enables arbitrary code execution via `Eval()` dbus method. This means when you enable this extension, malicious apps, extensions or scripts can call the said dbus method and run malicious GJS codes on your machine.
The extension at https://extensions.gnome.org/extension/5952/eval-gjs/ was not uploaded nor maintained by me. **Please refrain from installing this extension at all.**
# Eval GJS GNOME Shell Extension
As of GNOME 41, the dbus method `Eval()` is now restricted with `MetaContext:unsafe-mode` property (see this [commit](https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970/diffs?commit_id=f42df5995e08a89495e2f59a9ed89b5c03369bf8)). This extension provides unrestricted `Eval()` dbus method for running arbitrary code in the compositor.