avanisubbiah/material-you-theme

Extension keeps regular top bar and other extensions enabled on lock screen

Closed this issue · 4 comments

This extension keeps the regular top bar and all other extensions enabled when locking the screen. This leads to private data being leaked (notification contents, calendar events, data from other extensions), lets anyone change certain settings that can be accessed through the top bar, and it allows for arbitrary code execution (Alt+F2, then type lg to access GNOME Shell's debugging tools which have a REPL. Sometimes you need to enter the activities overview first). This is a serious vulnerability and should be fixed ASAP. Until then, I recommend that all users of this extension disable it temporarily.

Edit: as an example, here's some code you can enter in the REPL to print your /etc/os-release:

    imports.gi.Gio.File.new_for_uri('file:///etc/os-release').load_contents(null)

Edit 2: I also just found some code you can enter to completely bypass the lock screen:

    Main.screenShield.deactivate()

Yeah, I also just stumbled upon this. Here's my screenshot.

Hello, I think maybe the extension applying and removing the theme on disable() and enable() might be causing this. This is my first extension, so if anyone has any ideas on what might be causing this, feel free to add them here or submit a PR.

Thanks!

Edit: For now I recommend copying the generated theme from .config/gtk-4.0/gtk.css and .config/gtk-3.0/gtk.css, disabling the extension, and applying those files back manually until this is resolved.

I disabled notifications in 4e62021. This seems to have fixed the lock screen but definitely needs more testing. Let me know if the issue is reproducible on the new commit.

I've also updated the GNOME Extensions store copy to version 9, which disables notifications from the extension to prevent this issue.

Thanks, that solves it. And since that was the solution, I looked into it a bit more and it looks like the underlying bug is in gnome-shell, so I opened an issue over there: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5719