Also: Invalid error messages out of 'dbus'...how to suppress?

Simon McVittie smcv at collabora.com
Tue Dec 18 10:57:25 UTC 2018


On Tue, 18 Dec 2018 at 00:05:27 -0800, L A Walsh wrote:
> Besides the other error msg, there is also this one at login
> on the console by root:
> 
> dbus[62587]: Unable to set up transient service directory: XDG_RUNTIME_DIR
> "/var/run/user/0" can be written by others (mode 041770)
> 
> Looks like only root has access:
> 
> drwxrwx--T 2 root root 6 Aug 26  2016 /var/run/user/0/

This is out-of-spec for XDG_RUNTIME_DIR.
https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html says:

     $XDG_RUNTIME_DIR defines the base directory relative to which
     user-specific non-essential runtime files and other file objects
     (such as sockets, named pipes, ...) should be stored. The directory
     MUST be owned by the user, and he MUST be the only one having read
     and write access to it. Its Unix access mode MUST be 0700.

I suspect you have some program that is creating the runtime directory
(or maybe chmod'ing it) with incorrect permissions. Please locate and
fix that program, or don't set the XDG_RUNTIME_DIR environment variable.

Anyone who can write to the transient service directory can execute
arbitrary code with the privileges of the dbus-daemon, so dbus-daemon is
protecting you from a privilege escalation from gid 0 to uid 0. Maybe
on *your* system, there will never be a process with gid 0 and
uid != 0, but the dbus-daemon can't rely on that being universally true
across all systems.

This message is a warning, not an error, and the dbus-daemon will continue
to work with degraded functionality (you can't create .service files
in /var/run/user/0/dbus-1/services and have them treated as activatable
after the next ReloadConfig(), whereas people with correct permissions on
their XDG_RUNTIME_DIR can).

    smcv
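
As an added example (not part of the original message, and not dbus-daemon's own code), here is a Python check of a directory against the basedir-spec requirements quoted above, which also decodes the raw mode 041770 from the warning. The function names are made up for this example.

```python
import os
import stat


def runtime_dir_problems(st_mode, st_uid, uid):
    """Compare raw stat fields with the basedir-spec text: the directory
    must be owned by the user and its access mode must be 0700."""
    problems = []
    if not stat.S_ISDIR(st_mode):
        problems.append("not a directory")
    if st_uid != uid:
        problems.append(f"owned by uid {st_uid}, expected uid {uid}")
    # S_IMODE strips the file-type bits (040000 = directory) and keeps
    # setuid/setgid/sticky plus the rwx permission bits.
    perms = stat.S_IMODE(st_mode)
    extra = perms & 0o077
    if extra:
        problems.append(f"group/other access bits set: {extra:03o}")
    if perms != 0o700:
        problems.append(f"mode is {perms:04o}, spec requires 0700")
    return problems


def check_path(path, uid=None):
    """Stat a real directory and check it for the given uid (default: caller)."""
    st = os.lstat(path)  # lstat: a symlink at the final component is not followed
    return runtime_dir_problems(
        st.st_mode, st.st_uid, os.getuid() if uid is None else uid
    )


if __name__ == "__main__":
    # Mode from the warning: 041770 = 040000 (dir) + 01000 (sticky) + 0770.
    for line in runtime_dir_problems(0o41770, 0, 0):
        print("reported mode:", line)
    # Check the live directory only if the variable is set.
    path = os.environ.get("XDG_RUNTIME_DIR")
    if path:
        for line in check_path(path) or ["meets the spec"]:
            print(f"{path}: {line}")
```
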

