Update README.md, add warning
This commit is contained in:
parent
dd0d825f40
commit
7e708dc871
1 changed files with 7 additions and 1 deletions
|
@ -1,3 +1,9 @@
|
|||
# POTENTIAL SECURITY BREACH
|
||||
|
||||
This extension enables arbitrary code execution via `Eval()` dbus method. This means when you enable this extension, malicious apps, extensions or scripts can call the said dbus method and run malicious GJS codes on your machine.
|
||||
|
||||
The extension at https://extensions.gnome.org/extension/5952/eval-gjs/ was not uploaded nor maintained by me. **Please refrain from installing this extension at all.**
|
||||
|
||||
# Eval GJS GNOME Shell Extension
|
||||
|
||||
As of GNOME 41, the dbus method `Eval()` is now restricted with `MetaContext:unsafe-mode` property (see this [commit](https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970/diffs?commit_id=f42df5995e08a89495e2f59a9ed89b5c03369bf8)). This extension provides unrestricted `Eval()` dbus method for running arbitrary code in the compositor.
|
||||
|
|
Loading…
Reference in a new issue