As I understand it, systemctl uses D-Bus to send commands to systemd. I have read that systemd implemented their own D-Bus which is faster than stand-alone D-Bus.

So this gives me pause:

'Ever seen kwallet or gnome-keyring? Yeah, these things. These are supposed to be "secret storage" for things like signing keys, passwords, etc. They can be protected by a password, which means they are secure... right? No. No, they aren't. These secrets may be encrypted on disk, which technically prevents them from being stolen if your laptop is stolen. If you just cringed at that because disk encryption has been a thing for 20 years now or so, you're not alone. However, the best thing is this: any app on the bus can read all secrets in the store if the store is unlocked. No, this is not a #%&@ing joke. Once you input that password, any app can just read all of them without you noticing.'

So, how does systemd ensure that D-Bus commands cannot originate from an unprivileged account?

Does systemd's D-Bus implementation use a different security architecture than stand-alone D-Bus?

I admit that I don't know anything about these mechanisms.

https://www.reddit.com/r/linux/comments/1lxd0hl/systemctl_vs...

systemd accepts commands from the system bus (i.e. the dbus instance running as uid 0). User desktops have their own session bus, which runs as the user.

Thanks, that makes sense.

Still, for user-level systemd, that means the bus is open to any binary running with the user's credentials.

This is not any worse than the risk of running ssh-agent, though.

polkit