The main reason wasn't actually security -- an extension can simply
have a dummy disable() function if it wants. The main reason was that
a lot of the extensions simply weren't designed with the lock screen in
mind. The initial set of extensions that were uploaded were things
like a new Apps Menu, or a Bottom Panel, or a custom status icon and
top bar button.

These extensions didn't handle the case when the screen was locked,
and exposing the top bar button during that time would have been a
major information leak. It also seems like an easy thing to miss as an
extension author, so I didn't want to risk it.

It might be possible to extend the extension metadata format to
support a new "handlesLockScreen" key and not turn it off when that
happens.

On Thu, Mar 17, 2016 at 12:56 PM, Jay Strict <jay.str...@posteo.de> wrote:
> On 17.03.2016 16:04, Emmanuele Bassi wrote:
>>> But the worst is that it was a futile effort because when the screen is
>>> idle, gnome-shell disables the extensions. Why?
>>
>> It's a security measure.
>
> Hmm, is that so?
>
>
>> Since an extension can do whatever it wants with the UI, it can also
>> read the user's credentials from the session unlock screen;
>> alternatively, it could take over the whole thing, and impersonate the
>> user.
>
> Since an extension can do whatever it wants with the UI, it can also
> simulate a fake session unlock screen and read the user's credentials
> from there;
> alternatively, it does not need to take over the user's session, because
> it already runs as the user's UID and can spawn new processes as the
> user with GLib.spawn_async().
>
>
> There may be sound arguments for disabling extensions on session lock,
> but I doubt that those reasons are security. But maybe I am missing a
> point here?
>
>
> Kind regards,
> Jay
> _______________________________________________
> gnome-shell-list mailing list
> gnome-shell-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/gnome-shell-list



-- 
  Jasper