Bug 817812 - sys-apps/dbus - /usr/share/dbus-1/session.conf: <listen>unix:tmpdir=/tmp</listen> is insecure.
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
: Normal normal
Assignee: Freedesktop bugs
Reported: 2021-10-12 03:02 UTC by anonymous
Modified: 2021-10-15 02:19 UTC (History)
Description anonymous 2021-10-12 03:02:19 UTC
<listen>unix:tmpdir=/tmp</listen> should be changed to

<listen>unix:dir=/tmp</listen> because

<listen>unix:tmpdir=/tmp</listen> creates an abstract unix socket, access to which cannot be restricted by file system permissions or a Linux mount namespace.

The only way I know to restrict access to an abstract unix socket is to execute applications in a new Linux network namespace.

I think Linux distributions that use systemd have already changed

<listen>unix:tmpdir=/tmp</listen> to <listen>unix:dir=/tmp</listen>
Comment 2 Mike Gilbert gentoo-dev 2021-10-12 14:40:33 UTC
On systemd, the session bus listens on /run/user/$UID/bus.

This possible security issue would mainly affect users running OpenRC, with multiple users logged in simultaneously.

It might also affect applications that start ad-hoc private session busses.

The downside to reverting back to path-based sockets is that /tmp becomes cluttered with stale directories as users log in/out.
Comment 3 Mike Gilbert gentoo-dev 2021-10-12 14:44:22 UTC
I don't see a strong reason to deviate from the upstream default setting. Users can override the behavior via the config file if they desire.

If you can convince upstream to change the default, we will pick up that change in a version bump.
Comment 4 anonymous 2021-10-15 00:41:59 UTC
Cluttering /tmp is better than reducing security and privacy with abstract unix sockets.

Abstract unix domain sockets don't have filesystem permissions which are the first line of defense.

I also use firejail to sandbox applications. A path-based unix domain socket can be easily whitelisted in a firejail sandbox.

I don't want to directly edit /usr/share/dbus-1/session.conf because it will be overwritten whenever I install dbus or upgrade dbus.

Specifying <listen>unix:dir=/tmp</listen> in /etc/dbus-1/session.d/listen.conf doesn't eliminate the abstract unix domain socket but just adds a path-based unix domain socket.

It really doesn't take much to replace <listen>unix:dir=/tmp</listen> with <listen>unix:dir=/tmp</listen> in /usr/share/dbus-1/session.conf, and this simple trick immediately increases privacy and security.
Comment 5 anonymous 2021-10-15 00:42:55 UTC
Typo

replace <listen>unix:dir=/tmp</listen> with <listen>unix:dir=/tmp</listen>

--->

replace <listen>unix:tmpdir=/tmp</listen> with <listen>unix:dir=/tmp</listen>
Comment 6 anonymous 2021-10-15 00:53:51 UTC
You can change the default session bus listen address by passing something like

--with-dbus-session-bus-listen-address=unix:dir=/tmp

to autogen.sh or configure. The CMake build can also configure the default session bus listen address.
Comment 7 Mike Gilbert gentoo-dev 2021-10-15 01:07:29 UTC
You should really argue with upstream about this.
Comment 8 Mike Gilbert gentoo-dev 2021-10-15 02:04:03 UTC
It looks like dbus-daemon sets the mode on path-based unix sockets to 0777.

https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.12.20/dbus/dbus-sysdeps-unix.c#L1249

Given that the socket is created in /tmp with mode 0777, any user could connect to the socket anyway.
Comment 9 Mike Gilbert gentoo-dev 2021-10-15 02:19:30 UTC
If you want to change this locally, you could set EXTRA_ECONF="--with-dbus-session-bus-listen-address=unix:dir=/tmp" via portage's package.env feature.
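
Added example, not part of the bug thread or of dbus: a small audit that parses a D-Bus address list and reports, for each unix: entry, whether it is an abstract socket or a path-based one whose mode bits leave it open to other users. The sample addresses and modes are constructed, the function names are hypothetical, and the verdict covers socket-level reachability only.

```python
import os
import stat
from urllib.parse import unquote

def parse_dbus_address(address):
    """Split a D-Bus address list into (transport, params) pairs."""
    entries = []
    for item in filter(None, address.split(";")):
        transport, _, rest = item.partition(":")
        params = {}
        for pair in filter(None, rest.split(",")):
            key, _, value = pair.partition("=")
            params[key] = unquote(value)  # values are %-escaped in D-Bus addresses
        entries.append((transport, params))
    return entries

def audit(address, mode_of=lambda p: os.stat(p).st_mode):
    """Return (kind, name, verdict) for each unix: entry in the address."""
    findings = []
    for transport, params in parse_dbus_address(address):
        if transport != "unix":
            continue
        if "abstract" in params:
            # Abstract names live outside the filesystem: no mode bits apply.
            findings.append(("abstract", params["abstract"],
                             "not gated by file permissions"))
        elif "path" in params:
            path = params["path"]
            sock_open = bool(mode_of(path) & stat.S_IWOTH)
            # connect() also needs search permission on the directory;
            # only the immediate parent is checked here.
            dir_open = bool(mode_of(os.path.dirname(path)) & stat.S_IXOTH)
            verdict = ("world-connectable" if sock_open and dir_open
                       else "gated by file permissions")
            findings.append(("path", path, verdict))
    return findings

# Constructed sample values, not taken from a real system.
SAMPLE = ("unix:abstract=/tmp/dbus-EXAMPLE1,guid=00000000000000000000000000000000;"
          "unix:path=/tmp/dbus-EXAMPLE2,guid=00000000000000000000000000000000")
SAMPLE_MODES = {"/tmp/dbus-EXAMPLE2": stat.S_IFSOCK | 0o777,
                "/tmp": stat.S_IFDIR | 0o1777,
                "/run/user/1000/bus": stat.S_IFSOCK | 0o666,
                "/run/user/1000": stat.S_IFDIR | 0o700}

if __name__ == "__main__":
    live = os.environ.get("DBUS_SESSION_BUS_ADDRESS")
    rows = audit(live) if live else audit(SAMPLE, SAMPLE_MODES.__getitem__)
    for kind, name, verdict in rows:
        print(f"{kind:8} {name}: {verdict}")
```

Run without arguments, it audits the DBUS_SESSION_BUS_ADDRESS of the current session if one is set and falls back to the constructed sample otherwise.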