Jerry/eval-gjs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
https://github.com/ramottamado/eval-gjs
8 commits 1 branch 0 tags 47 KiB
JavaScript 92.9%
Makefile 7.1%
Find a file
Tamado Ramot Sitohang 7e708dc871
Update README.md, add warning
2023-09-17 22:08:39 +07:00
eval-gjs@ramottamado.dev Add support for recent GNOME versions 2023-03-28 11:49:00 +07:00
LICENSE Add docs to codes 2022-11-07 08:52:37 +07:00
Makefile First commit 2021-09-25 12:11:01 +07:00
README.md Update README.md, add warning 2023-09-17 22:08:39 +07:00

README.md

POTENTIAL SECURITY BREACH

This extension enables arbitrary code execution via Eval() dbus method. This means when you enable this extension, malicious apps, extensions or scripts can call the said dbus method and run malicious GJS codes on your machine.

The extension at https://extensions.gnome.org/extension/5952/eval-gjs/ was not uploaded nor maintained by me. Please refrain from installing this extension at all.

Eval GJS GNOME Shell Extension

As of GNOME 41, the dbus method Eval() is now restricted with MetaContext:unsafe-mode property (see this commit). This extension provides unrestricted Eval() dbus method for running arbitrary code in the compositor.

Features

  • Run arbitrary GJS code like you would with GNOME Eval() dbus method.
  • Main, Gio, GLib and Meta available by default.

Installation

git clone git://github.com/ramottamado/eval-gjs.git
cd eval-gjs
make install

Example Usage

gdbus call \
  --session \
  --dest org.gnome.Shell \
  --object-path /dev/ramottamado/EvalGjs \
  --method dev.ramottamado.EvalGjs.Eval "Main.overview.show();"