WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: dbus suspicious activity  (Read 429 times)

Offline LINK

  • Newbie
  • *
  • Posts: 2
dbus suspicious activity
« on: September 28, 2024, 09:04:57 PM »
Hello everyone, my name is LINK. The thing is, in CorePure64 or maybe also in the rest of the branches, when installing any browser, it also installs, dbus with its dependencies as elogind, which I find extremely strange and frustrating, since the dbus-launch --autolaunch process appears. I'm not an expert on dbus, but I'm worried that it's not on the dependency list, but it is dep. and the program doesn't run without it...

I also noticed that even wireshark, yad, librewolf etc. dbus also have an unspecified dependency. As far as I know, with dbus it is quite possible to organize file sharing with a remote machine, as well as full host management.


 Sorry for my English.   ???
« Last Edit: September 28, 2024, 09:07:13 PM by LINK »

Offline GNUser

  • Wiki Author
  • Hero Member
  • *****
  • Posts: 1509
Re: dbus suspicious activity
« Reply #1 on: September 28, 2024, 11:06:59 PM »
Hi LINK. yad doesn't require dbus, but will start dbus if dbus is available on the system. To prevent yad from starting dbus you can create a wrapper script (e.g., /home/tc/.local/bin/yad) that looks like this:
Code: [Select]
#!/bin/sh
export NO_AT_BRIDGE=1
exec /usr/local/bin/yad "$@"
Note that .dep files are recursive. gtk3.tcz and gtk2.tcz both have dbus.tcz in their dependency tree. If application foo depends on gtk3.tcz and dbus.tcz, foo.tcz.dep will contain gtk3.tcz but not dbus.tcz.

In my experience, many gtk applications depend on dbus and will start it if it's not already running. I think this is normal and not anything malicious.

Offline CardealRusso

  • Full Member
  • ***
  • Posts: 179
Re: dbus suspicious activity
« Reply #2 on: September 29, 2024, 05:00:42 AM »
librewolf was compiled --without-dbus, but as @GNUser stated, dbus is started by gtk. This is mentioned in the buildscript http://tinycorelinux.net/15.x/x86_64/tcz/src/librewolf/mozconfig
With pale moon, however, dbus is not started, even though it is a gtk2 dependency.

Here is a patchset for gtk3, which includes making dbus optional. https://github.com/lah7/gtk3-classic
« Last Edit: September 29, 2024, 05:09:59 AM by CardealRusso »

Offline nick65go

  • Hero Member
  • *****
  • Posts: 839
Re: dbus suspicious activity
« Reply #3 on: September 29, 2024, 06:14:44 AM »
I like (and used in the past) the method exposed by GNUser. My actual aproach today is to have an easy accesible menu (in windows manager), or in PATH, for a fast run of a custom sh script: to on-demand kill all d-bus instance and its childern. Becasue you can kill a dbus process for a program (ex: firefox) but then a new program (that you install later) could start again dbus.

Or, if you like TC defaut scripts -- which auto-add/list "services/demons in a FLTK window/panel, like cron, udhpc --, then you or TC developers, can have them (d-bus) directly in core settings panel, that you can start/stop. You just need to folow the logic of how these services show-up in the list, having the proper scripts in proper destinations.
 
« Last Edit: September 29, 2024, 06:23:45 AM by nick65go »

Offline LINK

  • Newbie
  • *
  • Posts: 2
Re: dbus suspicious activity
« Reply #4 on: September 29, 2024, 11:36:21 AM »
thank you for all your helpful answers!  ???

sh script: to on-demand kill all d-bus instance and its childern. Becasue you can kill a dbus process for a program (ex: firefox) but then a new program (that you install later) could start again dbus.

Destroying the dbus process will result in the program being closed.

librewolf was compiled --without-dbus, but as @GNUser stated, dbus is started by gtk. This is mentioned in the buildscript http://tinycorelinux.net/15.x/x86_64/tcz/src/librewolf/mozconfig
With pale moon, however, dbus is not started, even though it is a gtk2 dependency.

Here is a patchset for gtk3, which includes making dbus optional. https://github.com/lah7/gtk3-classic

that's right, it's strange that it's implemented this way, your advice with patches is interesting, thank you!

Note that .dep files are recursive. gtk3.tcz and gtk2.tcz both have dbus.tcz in their dependency tree. If application foo depends on gtk3.tcz and dbus.tcz, foo.tcz.dep will contain gtk3.tcz but not dbus.tcz.

In my experience, many gtk applications depend on dbus and will start it if it's not already running. I think this is normal and not anything malicious.

In other distributions, the same foo requiring dbus gtk3 are launched without the at-spi2-core dbus-launch etc. processes. Apparently, the problem is for me in the gtk3 package

Offline CentralWare

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 764
Re: dbus suspicious activity
« Reply #5 on: October 06, 2024, 09:36:38 PM »
@LINK:
Quote
D-Bus (short for "Desktop Bus") is a message-oriented middleware mechanism that allows communication between multiple processes running concurrently on the same machine. D-Bus was developed as part of the freedesktop.org project, initiated by GNOME developer Havoc Pennington to standardize services provided by Linux desktop environments such as GNOME and KDE.

If I'm reading your post correctly, it SOUNDS like you believe DBUS is being used to allow communication between COMPUTERS (such as, yourself and someone on the opposite side of the planet online.)  This is not really what it was intended to do.

If you were to develop a program for a Linux Desktop there's a TON of extra work you'd have to do which already exists elsewhere; if those services were built around the dbus methodology, dbus allows you to use existing windows or programs to provide information the system already has.  DBus is generally not used as an online communication protocol as I don't think it even has the means to "speak" any of the languages the internet works on (TCP/UDP/etc.) on its own.  It's just a messenger between running programs, not running computers.

Hope this helps clarify things a bit!

CAN dbus be used in some kind of "bad" way?  Sure!  No different than a Spoon can be used as a murder weapon.  It's not its intended purpose, but some people do strange things and computer virus attacks are no different...  except you, as the user, have to open the door to a virus; currently in 2024 there are no bugs out there I can think of that can break through standard defenses on their own, implant themselves on an unsuspecting user/computer and THEN hunt down vulnerabilities...  oh wait!  That's what we're inventing "AI" for! :)

MOVIE: The Matrix
They DID say their AI was created in 2024...

Take care and rest a little easier...  I'm reasonably certain dbus on its own is of no security concern to you at all.  If you were to install a program which utilizes and abuses those dbus powers...  I'm thinking that's where key-logger concepts come from, but the key logger itself has to first be installed as dbus doesn't "watch" what you do...  LOL...  it doesn't care! :)