This commit is contained in:
JerryXiao 2023-10-15 15:35:59 +08:00
parent 7e708dc871
commit f18e7538bf
Signed by: Jerry
GPG key ID: 22618F758B5BE2E5
3 changed files with 10 additions and 16 deletions

View file

@ -2,8 +2,6 @@
This extension enables arbitrary code execution via `Eval()` dbus method. This means when you enable this extension, malicious apps, extensions or scripts can call the said dbus method and run malicious GJS codes on your machine.
The extension at https://extensions.gnome.org/extension/5952/eval-gjs/ was not uploaded nor maintained by me. **Please refrain from installing this extension at all.**
# Eval GJS GNOME Shell Extension
As of GNOME 41, the dbus method `Eval()` is now restricted with `MetaContext:unsafe-mode` property (see this [commit](https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970/diffs?commit_id=f42df5995e08a89495e2f59a9ed89b5c03369bf8)). This extension provides unrestricted `Eval()` dbus method for running arbitrary code in the compositor.

View file

@ -20,9 +20,11 @@
'use strict';
const { Gio, GLib, Meta } = imports.gi;
const Main = imports.ui.main;
import Gio from 'gi://Gio'
import GLib from 'gi://GLib'
import Meta from 'gi://Meta'
import * as Main from 'resource:///org/gnome/shell/ui/main.js'
import { Extension } from 'resource:///org/gnome/shell/extensions/extension.js'
const EvalGjsIface =
'<node>' +
@ -35,8 +37,9 @@ const EvalGjsIface =
' </interface>' +
'</node>';
class EvalGjs {
constructor() {
export default class EvalGjs extends Extension {
constructor(metadata) {
super(metadata)
this._dbusImpl = Gio.DBusExportedObject.wrapJSObject(EvalGjsIface, this);
}
@ -85,7 +88,3 @@ class EvalGjs {
if (this._dbusImpl) this._dbusImpl.unexport();
}
}
function init() {
return new EvalGjs();
}

View file

@ -3,10 +3,7 @@
"description": "Evaluate GJS script through DBus",
"uuid": "eval-gjs@ramottamado.dev",
"shell-version": [
"41",
"42",
"43",
"44"
"45"
],
"url": "https://github.com/ramottamado/eval-gjs"
}
}