Commit 7298ee23 authored by Florian Müllner's avatar Florian Müllner Committed by Marge Bot
Browse files

shellDBus: Use MetaContext:unsafe-mode to restrict Eval()

The Eval() method is unarguably the most sensitive D-Bus method
we expose, since it allows running arbitrary code in the compositor.

It is currently tied to the `development-tools` settings that is
enabled by default. As users have become accustomed to the built-in
commands that are enabled by the same setting (restart, lg, ...),
that default cannot easily be changed.

In order to restrict the method without affecting the rather harmless
commands, guard it by the new MetaContext:unsafe-mode property instead
of the setting.

#3943

Part-of: <!1970>
parent 3bee7c7f
......@@ -54,7 +54,7 @@ var GnomeShell = class {
*
*/
Eval(code) {
if (!global.settings.get_boolean('development-tools'))
if (!global.context.unsafe_mode)
return [false, ''];
let returnValue;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment