![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939
https://bugzilla.suse.com/show_bug.cgi?id=1205939#c4
Callum Farmer
The D-Bus interface is rather small but strangely completely unauthenticated. It allows all local users (included nobody et al) to e.g. lock an active session or switch between sessions. Also the creation of a session seems in reach, however in my tests it failed for some reason that I don't fully understand.
Maybe we can configure something in our packaging that leaves less attack surface there ...
CC'ing maintainer -- You are receiving this mail because: You are on the CC list for the bug.