Simon McVittie wrote:
> For example, dbus-daemon can only usefully have hardening applied if it
> was built with traditional (non-systemd) service activation disabled,
> which we cannot usefully do in Debian for two reasons: because we support
> non-systemd init systems, and because we don't (currently) require
> every D-Bus system service to have a corresponding systemd system unit.
> Because of the way traditional activation works, a child process of a
> setuid-root helper that is run by dbus-daemon must be allowed to exercise
> any privilege that might legitimately be needed by any D-Bus-activated
> system service, which rules out otherwise useful things like ProtectSystem.

If we do want to further lock down D-Bus, we could have the D-Bus package build a variant that doesn't support traditional activation (for use on systemd-only systems), and a variant that does (for use on other systems). Then, we could work towards ensuring every D-Bus service supports service-based activation rather than only traditional activation. Over the course of a release cycle or so, we *could* get to the point of being able to lock down D-Bus on systemd systems.
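
An added example, not part of the original message and not code from D-Bus or Debian: one way to measure how far a system is from the state described above is to list the system bus activation files that name no systemd unit. It assumes the standard `SystemdService=` key and the `/usr/share/dbus-1/system-services` directory; the `org.example.*` files are constructed samples.

```python
import configparser
from pathlib import Path

# Assumed default location of system bus activation files.
SYSTEM_SERVICES_DIR = Path("/usr/share/dbus-1/system-services")

# Constructed sample activation files (not taken from any real package).
SAMPLES = {
    "org.example.Modern.service": (
        "[D-BUS Service]\nName=org.example.Modern\nExec=/bin/false\n"
        "User=root\nSystemdService=example-modern.service\n"
    ),
    "org.example.Legacy.service": (
        "[D-BUS Service]\nName=org.example.Legacy\n"
        "Exec=/usr/libexec/example-legacy\nUser=root\n"
    ),
}

def parse_service(text):
    """Return (bus name, systemd unit or None) for one activation file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: D-Bus keys are case-sensitive
    cp.read_string(text)
    sec = cp["D-BUS Service"]  # KeyError if the section is missing
    unit = sec.get("SystemdService", "").strip() or None
    return sec.get("Name"), unit

def traditional_only(files):
    """files maps filename -> contents; return services with no systemd unit."""
    out = []
    for fname, text in sorted(files.items()):
        try:
            name, unit = parse_service(text)
        except (configparser.Error, KeyError):
            out.append(f"{fname} (unparseable)")  # flag for manual review
            continue
        if unit is None:
            out.append(name or fname)
    return out

def load_dir(directory=SYSTEM_SERVICES_DIR):
    """Read every *.service activation file in the directory."""
    return {p.name: p.read_text(encoding="utf-8", errors="replace")
            for p in Path(directory).glob("*.service")}

if __name__ == "__main__":
    # Use the real directory when present, otherwise the constructed samples.
    files = load_dir() if SYSTEM_SERVICES_DIR.is_dir() else SAMPLES
    for entry in traditional_only(files):
        print(entry)
```

An empty result means every installed system service names a systemd unit in its activation file; whether each named unit is actually installed is a separate check this script does not make.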